Configure the Cognos TM1 Admin Server to use custom TLS
To configure the IBM® TM1 Admin Server to use Transport Layer Security (TLS), use IBM Cognos Configuration.
The following table describes properties that are related to secure connections, which can be set in IBM Cognos Configuration.
|
Property |
Description |
|---|---|
|
Support non-SSL clients? |
This property determines if the Admin Server supports non-SSL TM1 clients. Set this property to True to configure the Admin Server to support non-SSL clients and to listen for client connections on both secured and unsecured ports. Set this property to False to configure the Admin Server to support only secure client connections on a single secured port. |
|
Support pre-TLS v1.2 clients? |
As of TM1 10.2.2 Fix Pack 6 (10.2.2.6), all secured communication between clients and servers in TM1 uses Transport Layer Security (TLS) 1.2. This property determines whether TM1 clients and TM1 servers prior to 10.2.2 Fix Pack 6 can connect to the 10.2.2.6 or later Admin Server. Set this property to True to allow TM1 clients and TM1 servers prior to 10.2.2.6 to connect to the Admin Server. When such a connection is established, TLS 1.0 is used instead of TLS 1.2. Set this property to False to prevent TM1 clients and TM1 servers prior to 10.2.2.6 from connecting to the Admin Server. |
|
TM1 Admin Server certificate authority file location |
The full path and name of the Cognos® TM1 Admin Server's certificate authority file. |
|
Certificate file location |
The full path of the Cognos TM1 Admin Server's certificate file, which contains the public/private key pair. |
|
TM1 Admin Server private key password file location |
The full path of the file that contains the encrypted password for the Cognos TM1 Admin Server's private key. |
|
TM1 Admin Server password key file location |
The full path of the file that contains the key used to encrypt and decrypt the password for the private key. |
|
Certificate revocation file location |
The full path of the Cognos TM1 Admin Server's certificate revocation file. A certificate revocation file will only exist in the event that a certificate has been revoked. |
|
TM1 Admin Server Certificate Version |
Specifies which version of the TM1 generated certificates to use. By default, the 1024-bit encryption version of the TM1 generated certificates is used. Change this property only if you want to use the new 2048-bit encryption version of the default certificates. You can use the new version with old and new TM1 clients, but you must configure the clients to use the new certificate authority file. Note: This property does not apply if you are using your own certificates.
Valid values include:
|