Troubleshooting
Problem
In IBM Cognos Analytics 11.2.4, the functionality for enabling FIPS mode was introduced in Linux. The FIPS mode feature is available in both Linux and Windows as of Cognos Analytics 12.0.
This technote corrects and clarifies some information on configuring FIPS mode in Cognos Analytics.
Environment
11.2.4 (Linux only).
12.0
Resolving The Problem
Be aware of the following limitations, errata, and details on the steps for enabling FIPS.
One limitation that is not mentioned in the current documentation is that LDAPS namespaces need to use the Cognos Analytics CAMKeystore certificate database to store LDAP server certificates. The legacy method for LDAPS, which uses a certutil cert8.db database (NSPR networking), is not supported with FIPS mode.
Trying to use certutil based LDAPS with FIPS results in a CAM-AAA-0026 The function call to 'ldap_simple_bind_s' failed with error code: '81' error.
Procedure corrections and clarifications:
Stop Cognos Analytics before making changes to files in the installation and configuration.
Step 1 is to modify the java.security file to add the IBMJCEPlusFIPS provider to the list of security providers.
Under Procedure, step 1a:
The correct path to the java.security file is installation_location/ibm-jre/jre/lib/security.
The correct path to the java.security file is installation_location/ibm-jre/jre/lib/security.
Step 2 is to modify the bootstrap_wlp_xxxx.xml file to add the FIPS parameters.
Under Procedure, step 2c:
The entries in the installation_location/bin64/bootstrap_wlp_xxxx.xml need to be in the <start> section so that the parameters are picked up when the Cognos Analytics service starts.
Note: Any configuration done on the operating system itself for FIPS is outside of the scope of this process (such as enabling FIPS at the kernel level on Linux).
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"ARM Category":[{"code":"a8m50000000Cl5lAAC","label":"Security-\u003ESSL\/Cryptography"}],"ARM Case Number":"TS013229974","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.2.4;12.0.0"}]
Was this topic helpful?
Document Information
Modified date:
27 June 2023
UID
ibm17007453