How To
Summary
This technote describes the steps to set up SSL communication in Cognos Analytics. Both the dispatcher and content manager URIs are changed to HTTPS implementing the built-in certificate authority to generate and sign the certificates.
Steps
1. Stop all Cognos services in the environment.
2. In Cognos Configuration for each installation in the environment including content manager, application and gateway installs, click ‘File > Export As’ to export an unencrypted copy of the configuration.
3. Choose ‘Yes’ at the prompt and save the file to the default location. For example, name the file ‘export.xml’ stored in the <install directory>\configuration folder.
4. Close all Cognos Configurations.
In distributed installation, you must first configure the default active Content Manager computer to use the SSL protocol and start the services on that computer before you configure the Application Tier Components computer.
5. On the primary Content Manager installation, follow steps to remove the current encryption.
a. Create a backup folder and move the following files to the backup location:
<install directory>/configuration/cogstartup.xml
<install directory>/configuration/caSerial
<install directory>/configuration/certs/CAMCrypto.status
<install directory>/configuration/certs/CAMKeystore
<install directory>/configuration/certs/CAMKeystore.lock
<install directory>/configuration/certs/CAMKeystore.bkup
<install directory>/configuration/certs/CAMKeystore.jks
<install directory>/temp/cam/freshness
b. Move the following directory '<install directory>\configuration/csk' to the backup location.
c. In the <install directory>\configuration folder, rename ‘export.xml’ to ‘cogstartup.xml’.
6. Launch Cognos Configuration.
Note: Do not click Save or Test until all required changes are implemented.
7. Under Security > Cryptography > Cognos, modify the section titled 'Identity name'. The values in this section are used to populate the subject information of the certificate that is generated and signed by the built-in certificate authority.
a. Change the server common name setting to the fully qualified host name of the server
b. Change the Organization name and Country code to match your environment.
8. Under Environment change all of the URIs from http to https.
9. Ensure to enter fully qualified host names or corresponding IP address in all the values for the following Cognos Configuration fields.
Environment
Gateway URI
External dispatcher URI
Internal dispatcher URI
Dispatcher URI for external applications
Content Manager URIs
Environment > Configuration Group
Group contact host
Member coordination host
Security > Cryptography > Cognos
Server common name
Subject Alternative Name > DNS names
Gateway URI
External dispatcher URI
Internal dispatcher URI
Dispatcher URI for external applications
Content Manager URIs
Environment > Configuration Group
Group contact host
Member coordination host
Security > Cryptography > Cognos
Server common name
Subject Alternative Name > DNS names
10. Save the configuration.
11. Start the service.
Repeat from step 5 on all remaining content manager and application tier installs.
On separate gateway installations, launch Cognos Configuration.
Correct the setting 'Dispatcher URIs for gateway' to contain the correct https url for the dispatcher and save.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"ARM Category":[{"code":"a8m0z0000001jkWAAQ","label":"Security"}],"ARM Case Number":"TS005880943","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.0.0;and future releases"}]
Was this topic helpful?
Document Information
Modified date:
13 June 2022
UID
ibm16469837