Troubleshooting
Problem
After configuring a Third Party Certificate Authority, Cognos Analytics does not start and the following error message is written to the cbs_start_WebSphereLiberty.log and cbs_run_WebSphereLiberty.log files
CAM-CRP-0321 The GSKit function 'gsk_secure_soc_init' failed with the error code ' GSK_ERROR_BAD_CERT'.
Symptom
Product does not start
Error message is written to the cbs_start_WebSphereLiberty.log file
Cause
By default, Cognos Analytics 11.1.5 and higher has its Cryptographic standards conformance set to NIST SP 800.
The Certificate Authority Chain of Trust has certificate which utilizes a SHA1 signature algorithm, which NIST SP 800 does not allow.
The Certificate Authority Chain of Trust has certificate which utilizes a SHA1 signature algorithm, which NIST SP 800 does not allow.
Environment
All
Diagnosing The Problem
Review the signature algorithm for each certificate in your Certificate Authority chain of trust. You may need to reach out to your Certificate Authority Administrator to assist with reviewing each.
Resolving The Problem
If you are using a standards conformance of NIST 800 SP, you will need to have SHA-2 as the signature algorithm.
Alternatively, if NIST-800 SP is not required, you could use the standards conformance of IBM Cognos as per the following document.
Alternatively, if NIST-800 SP is not required, you could use the standards conformance of IBM Cognos as per the following document.
Document Location
Worldwide
[{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"ARM Category":[{"code":"a8m0z0000001jkWAAQ","label":"Security"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]
Was this topic helpful?
Document Information
Modified date:
04 December 2020
UID
ibm16378354