Troubleshooting
Problem
This document is for TM1 10.2.2 only. For Planning Analytics 2.0.x follow this other document:
Since the 25 August 2022, the TM1 Server and TM1 Admin Server certificates version 2 (using 2048-bit key) have expired.
These certificates are signed by an IBM Cognos proprietary root certificate authority named "TM1 CA V2" ("tm1ca_v2.pem" in "/tm1_64/bin64/ssl" folder) that has also expired since the 25 August 2022.
Symptom
It's causing all TM1 components to refuse any communications between each other. The most obvious effect is that Architect and Perspectives server explorer are not displaying any TM1 Servers. The list is empty.
Cause
Historically, there were two TM1 certificates:
"Certificate V1", which was using a 1024-bit key.
"Certificate V2", which was using a 2048-bit key.
All default installations were using the "Certificate V1".
However, this "Certificate V1" expired on the 24 November 2016, so Cognos provided 3 possible solutions then:
--> Download brand new certificates provided by Cognos, available here: NewSSLcerts
--> Use custom certificates, which was the more complex and time-consuming method.
--> Use the "Certificate V2" that was already available in all installations. That certificate was expiring on 25 August 2022 (giving 6 more years of use, since we were still in 2016): that solution was the easiest and the quickest then.
Today, TM1 10.2.2 is not supported anymore, since the 30 September 2019. However, there are still living environments among IBM customers that are using TM1 10.2.2, so there is a need to provide a solution to that issue, which is the purpose of the present document.
Resolving The Problem
The quicker solution is to get back to "Certificate V1": which is now using a 2048-bit key since the new certificates were provided to fix the "24 November 2016 SSL expiry issue".
1- The first step is to check whether these new certificates are already present or not (it depends whether or not TM1 10.2.2 was updated after 11-24-2016):
-Go to all these possible folders in all TM1 Server machines and TM1 Client machines:
"C:\Program Files\ibm\cognos\tm1_64\bin64\ssl"
"C:\Program Files\ibm\cognos\tm1_64\bin\ssl"
"C:\Program Files\ibm\cognos\tm1\bin\ssl"
-Make a copy of "tm1svrcert.pem" and rename the copy by using another extension, like "tm1svrcert.crt" or "tm1svrcert.cer".
-Double-click the CRT or CER file to let Windows open it in a graphical way. Verify whether the certificate has expired or not:
- If the certificate has expired, then download new certificates from here: NewSSLcerts. Then, follow this document:
2- When we are sure to have the correct certificates in all "/ssl" folders, we can go on with the next steps.
- On the TM1 Admin Server machine, from Windows start menu, open IBM Cognos Configuration. Go to "TM1 Admin Server" section and modify this property:
"TM1 Admin Server Certificate Version": set it back to "1"
Save the configuration and restart TM1 Admin Server.
- For each TM1 Server, open tm1s.cfg and comment or delete this line:
CertificateVersion=2
- On each Architect or Perspectives client, open Architect, go to File / Options menu, and set the "Certificate Authority" field like this:
"C:\Program Files\IBM\cognos\tm1_64\bin64\ssl\applixca.pem"
- On the TM1 Application Server (where "IBM Cognos TM1" service is running), open fpmsvc_config.xml file from "C:\Program Files\ibm\cognos\tm1_64\webapps\pmpsvc\WEB-INF\configuration" and search for the "certificate" tag, which leads to this section:
- Either remove both certificate tags, or replace "tm1ca_v2.pem" by "applixca.pem":
Or:
- Restart "IBM Cognos TM1" service.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCTEW","label":"IBM Planning Analytics Local"},"ARM Category":[{"code":"a8m50000000KzK7AAK","label":"Planning Analytics-\u003ESecurity-\u003ESSL"}],"ARM Case Number":"TS010455390","Platform":[{"code":"PF033","label":"Windows"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
01 September 2022
UID
ibm16616959