IBM Support

"PKI entry not found" when importing a signed certificate using ThirdPartyCertificateTool.bat

Troubleshooting


Problem

When you try to use the tool ThirdPartyCertificateTool.bat to import a certificate signed by a Certificate Authority (CA), you receive the following error :
 
"PKI entry not found" 

Symptom

When you use the GUI tool IkeyMan and follow all the steps described in this article :  https://www-01.ibm.com/support/docview.wss?uid=swg22014876 , the certificate signed by the CA can be imported, but when you try to start the Cognos service, you hit this error :
[ ERROR ] The server did something wrong.
[ ERROR ] AAA-AUT-0016 The function call to 'CAMFactory.initialize' failed.
[ ERROR ] CAM-CRP-1095 Unable to find the encryption certificate with alias 'encryption' in the keystore
'D:/ibm/cognos/analytics/configuration/certs\CAMKeystore'.

Cause

The Signature Algorithm used by the Certificate Authority to sign the certificate was SHA1withRSA

Environment

Microsoft Windows

Diagnosing The Problem

To check the Signature Algorithm, re-import again the signed certificate using IkeyMan and double-click on "encryption" (see attached screenshot)
The Signature Algorithm used by the Certificate Authority to sign the certificate was SHA1withRSA

Resolving The Problem

Ensure that the Certificate Authority signs the certificate with a Signature Algorithm >= SHA256WithRSA 

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"Component":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"11.1.3","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
14 October 2019

UID

ibm11087017