APAR status
Closed as documentation error.
Error description
Cognos Analytics documentation does not specify the requirements for certificates to meet our Cryptographic Conformance requirements
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * CA users * **************************************************************** * PROBLEM DESCRIPTION: * * In the Cognos Analytics 12.0.x (and 11.2.x) documentation, * * in the sections about implementing Third-Party Certificate * * Authority, no guidance is provided about the minimum * * requirements for certificates (in particular, key length and * * signature algorithm), in order that they will work * * successfully with the product. * * * * For example, if the environment is set to NIST SP800-131A * * conformance, the certificates need a minimum of: * * * * a) SHA-256 RSA signature (SHA-1 will break the product, * * causing a restart loop every 10 minutes) * * b) 2048-bit key length (1024 bit will, as above, break the * * product, causing a restart loop) * * * * Whereas, with Cognos conformance, you can use certificates * * with a minimum of: * * * * a) SHA1 RSA signature * * b) 1024 bit key length * * * * Having the certificate requirements clearly stated would * * prompt customers to provide that detail to their Certificate * * Authority when having certificates signed, or to check that * * their inhouse CAs can provide appropriate certificates * * before encountering issues during their implementation. * * * * With having 3 Crypto conformance choices in 12.0.x, clearly * * stating the requirements would deflect a number of cases. * **************************************************************** * RECOMMENDATION: * ****************************************************************
Problem conclusion
. The topic is updated for 11.2.x and 12.0.x: * https://www.ibm.com/docs/en/cognos-analytics/11.2.0?topic=option s-external-certificate-management-in-cognos-analytics * https://www.ibm.com/docs/en/cognos-analytics/12.0.0?topic=option s-external-certificate-management-in-cognos-analytics
Temporary fix
Comments
APAR Information
APAR number
PH57549
Reported component name
COG ADMINISTRAT
Reported component ID
5724W12AD
Reported release
B09
Status
CLOSED DOC
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-10-16
Closed date
2024-04-09
Last modified date
2024-04-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSTSF6","label":"Cognos Analytics"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"B09","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Document Information
Modified date:
10 April 2024