To enable SSL in IBM® Cognos® TM1® Web, you must add a certificate in the Java™ Runtime Environment (JRE) keystore.
Before you begin
By default, Cognos TM1 Web uses the standard, default
SSL certificates that are included as part of your Cognos TM1 installation.
To use your own custom SSL certificates, add your certificate in the Java Runtime Environment (JRE) keystore.
Procedure
- Open IBM Cognos Configuration and enter
the secure HTTPS URL for the following parameters:
- TM1 Application Server Gateway URI -
For example, http://system_name:9514/pmpsvc
- External server URI - For example, http://system_name:9514
Enter the system name and port numbers for your specific
configuration.
- For 32-bit installations:
- Open a command prompt and change directory to the JRE
location that was provided with the Cognos TM1 installation.
tm1_location\bin\jre\7.0\bin
For
example:
C:\Program Files\IBM\cognos\tm1\bin\jre\7.0\bin>
- Run the Java keytool command
to import the certificate into the keystore.
Note: For
formatting purposes the command is shown here with line breaks but
you should enter the command all on one line.
keytool.exe -import -trustcacerts -file
"c:\Program Files\ibm\cognos\tm1\bin\ssl\your_certificate.pem"
-alias your_certificate -keystore
"c:\Program Files\ibm\cognos\tm1\bin\jre\7.0\lib\security\cacerts"
Replace your_certificate.pem and your_certificate with
the file name and name of your own certificate.
- Enter yes when prompted to trust
or add the certificate.
The following message displays: Certificate
was added to keystore.
- For 64-bit installations:
Attention: On
64-bit computers, be sure to add the certificates to the bin64 folder.
- Open a command prompt and change directory to the JRE
location that was provided with the Cognos TM1 installation.
C:\Program
Files\ibm\cognos\TM1_64\bin64\jre\7.0\bin
- Run the Java keytool command
to import the certificate into the keystore.
For 64-bit
installations, target the 64-bit folder when dealing with the certificates.
If you do not correctly target the 64-bit locations for certificates
when running a 64-bit installation, you receive a warning message
indicating that you cannot contact the servers.
Note: For formatting
purposes this command is shown with line breaks but you should enter
the command all on one line.
keytool.exe -import -trustcacerts -file
"c:\Program Files\ibm\cognos\TM1_64\bin64\ssl\your_certificate.pem"
-alias your_certificate -keystore
"c:\Program Files\ibm\cognos\TM1_64\bin64\jre\7.0\lib\security\cacerts"
Replace your_certificate.pem and your_certificate with
the file name and name of your own certificate.
- Enter yes when prompted to trust
or add the certificate.
The following message displays: Certificate
was added to keystore.
- Use IBM Cognos Configuration to restart the TM1 Application Server and have
the change take effect.
- In Cognos Configuration,
expand the Environment node, right-click TM1
Application Server, and select Stop.
- Right-click TM1 Application Server,
and select Start.
Remember: Re-add certificates any time you
reinstall Cognos TM1.
Results
Log in to Cognos TM1 Web using the secure HTTPS URL
to confirm that you can connect to Cognos TM1 using this configuration.
For
this example, log in using https://system_name:9514/tm1web.