Enabling SSL for communications with Oracle databases

You can enable secure sockets layer (SSL) protocol for communications between IBM® Cognos® Analytics and Oracle databases.

The following databases can be configured: Content Manager, Notification, Mobile, Human Task and Annotation Services, and Logging.

To use secure sockets layer (SSL) with Oracle database connections in IBM Cognos Analytics, you must import the SSL certificate to the Java keystore.

Before you begin

Ensure that you enable SSL on your database server before you perform the steps in IBM Cognos Configuration.

Tip: The database type must be Oracle database (Advanced), not Oracle database.

About this task

The configuration settings that you need to specify depend on the version of Oracle JDBC driver that is supported by your version of the Cognos Analytics server. Refer to this article (www.ibm.com/support/pages/node/1106607) to view a list of supported JDBC drivers that are regularly tested with 12.0.x versions of Cognos Analytics. For information about specific versions of JDBC drivers, see the Oracle documentation.

Procedure

  1. Edit the bootstrap_wlp_os_version.xml file.

    This file is used when you start Cognos Analytics as a service from IBM Cognos Configuration.

    Tip: Using double quotation marks in the bootstrap_wlp_linux38664.xml file prevents IBM Java from starting, and causes Cognos startup to hang and fail.
    1. Go to the install_location/bin64 directory, and open the bootstrap_wlp_os_version.xml file in a text editor.
    2. Under the <process>, <start>, <spawn> element, specify the Java system properties that are required by the Oracle JDBC driver version that is supported by your version of Cognos Analytics. For information about specific versions of JDBC drivers, see the Oracle documentation.

      For example, you might add the following lines of code in bootstrap_wlp_os_version.xml:

      <param>-Doracle.net.ssl_client_authentication=false</param>
<param>-Doracle.net.ssl_version=1.2</param>
<param>-Djavax.net.ssl.trustStore=/app/my_wallet/truststore.jks</param> 
<param>-Djavax.net.ssl.trustStoreType=JKS</param>
<param>-Djavax.net.ssl.trustStorePassword=my_wallet_password</param>
      Tip: This example works only for a specific version of Cognos Analytics and Oracle database. For your environment, you will likely need to specify different settings.
    3. Save and close the bootstrap_wlp_os_version.xml file.
  2. Edit the cogconfig file.
    1. From the install_location/bin64 directory, open the cogconfig.bat (cogconfig.sh on UNIX or Linux) file in a text editor.
    2. Add the Java system properties, as required by the Oracle JDBC driver version that is supported by your version of Cognos Analytics. For information about specific versions of JDBC drivers, see the Oracle documentation.

      To continue with the example in step 1b, in the cogconfig.bat file, add the following lines of code below set J_OPTS=%DD_OPTS% %J_OPTS% %DEBUG_OPTS%:

      set J_OPTS=-Doracle.net.ssl_client_authentication=false %J_OPTS%
set J_OPTS=-Djavax.net.ssl.trustStore=/app/my_wallet/truststore.jks %J_OPTS%
set J_OPTS=-Djavax.net.ssl.trustStoreType=JKS %J_OPTS%
set J_OPTS=-Djavax.net.ssl.trustStorePassword=my_wallet_password %J_OPTS%
set J_OPTS=-Doracle.net.ssl_version=1.2 %J_OPTS%

      In cogconfig.sh, add the following lines:

      JAVA_OPTS="$JAVA_OPTS -Doracle.net.ssl_client_authentication=false"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/app/my_wallet/truststore.jks"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStoreType=JKS"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=my_wallet_password"
JAVA_OPTS="$JAVA_OPTS -Doracle.net.ssl_version=1.2"
    3. Save and close the cogconfig file.
  3. Copy the required Oracle driver files to the Cognos Analytics install_location/drivers directory.
  4. Start IBM Cognos Configuration by double-clicking the cogconfig file that you modified in step 2.
  5. Under Data Access, click the database name that you want to configure. For example, to configure the content store database, under Content Manager, click the database name.
    Tip: To configure the Logging database, go to Environment > Logging.
  6. In the properties pane, click the SSL Encryption Enabled property, and set its value to True.
  7. Test the connection.
  8. Save your configuration, and restart your Cognos Analytics service.