Configuring the Cognos TM1 Admin Server to use SSL
Open Cognos Configuration and edit the SSL-related parameters as described in the following table.
| Parameter |
Description |
|---|---|
| SupportNonSSLClients |
This parameter determines if the Admin Server supports non-SSL Cognos TM1 clients. Set SupportNonSSLClients = T to configure the Admin Server to support non-SSL clients and to listen for client connections on both secured (SSL) and unsecured ports. Set SupportNonSSLClients = F to configure the Admin Server to support only SSL client connections on a single secured port. |
| SSLCertAuthority |
The full path of the Cognos TM1 Admin Server's certificate authority file. |
| SSLCertificate |
The full path of the Cognos TM1 Admin Server's certificate file, which contains the public/private key pair. |
| DHFile-512 |
The full path name of the file that contains a pre-generated Diffie-Hellman 512 bit key. The generation of Diffie-Hellman parameters can be computationally expensive. To minimize the consumption of resources and to reduce the amount of time required to load the Cognos TM1 server, the Diffie-Hellman 512 bit key should be pre-generated and stored in a file that is called when the Admin Server starts. |
| DHFile-1024 |
The full path of the file that contains a pre-generated Diffie-Hellman 1024 bit key. The generation of Diffie-Hellman parameters can be computationally expensive. To minimize the consumption of resources and to reduce the amount of time required to load the Cognos TM1 server, the Diffie-Hellman 1024 bit key should be pre-generated and stored in a file that is called when the Admin Server starts. |
| SSLPrivateKeyPwdFile |
The full path of the file that contains the encrypted password for the Cognos TM1 Admin Server's private key. |
| SSLPwdKeyFile |
The full path of the file that contains the key used to encrypt and decrypt the password for the private key. |
| ExportSvrSSLCert |
Specifies whether the Cognos TM1 Admin Server's certificate should be exported from the Windows certificate store. If ExportSvrSSLCert=T, the Admin Server's certificate is exported from the Windows certificate store when the certificate is requested by the Admin Server. If ExportSvrSSLCert=T, you must also set the following parameters: SvrSSLExportKeyID SSLCertificateID SSLPrivateKeyPwdFile SSLPwdKeyFile SSLCertAuthority SvrSSLExportKeyID ExportSvrSSLCert ClientExportSSLSvrKeyID For details on using your own security certificates and exporting certificates from the Windows certificate store, see Using independent certificates with SSL and Cognos TM1. |
| SSLCertificateID |
Specifies the name of the principal to whom the Cognos TM1 Admin Server's certificate is issued to. |
| SSLCertRevocationFile |
The full path of the Cognos TM1 Admin Server's certificate revocation file. A certificate revocation file will only exist in the event a certificate had been revoked. |
| SvrSSLExportKeyID |
Specifies the identity key used to export the Admin Server's certificate from the Microsoft Windows certificate store. This parameter is required only if you choose to use the certificate store. |
TM1 Admin Server Certificate Version |
Specifies which version of the TM1 generated SSL certificates to use. By default, the 1024-bit encryption version of the TM1 generated certificates is used. Change this parameter only if you want to use the new 2048-bit encryption version of the default certificates. You can use the new version with old and new TM1 clients, but you must configure the clients to use the new certificate authority file. Note: This parameter does not
apply if you are using your own SSL certificates.
Valid
values include:
|