Configuring the Cognos TM1 ETLDAP Utility to use SSL

Before you can connect to the LDAP server using SSL, you must run the following command to add your certificate to the IBM® Cognos® TM1® store in the TM1_install_dir\axajre\bin directory:

Example:

C:\Program Files\Cognos\Tm1\axajre\bin >keytool -keystore
"C:\Program Files\Cognos\Tm1\bin\ssl\tm1store" -alias Applixldapca
-import -file c:\temp\certificate_name.cer

In the above command, substitute the name of your certificate file for certificate_name.cer.

When prompted for the keystore password, enter 'applix'.

You will receive confirmation that the certificate was added to the Cognos TM1 keystore.

When connecting to the LDAP server, you must select the SSL option.

If you do not select the SSL option, the LDAP server will not be able to authenticate your user information.

When running the ETLDAP utility from a command line, you must use the following two parameters to enable SSL.

Parameter

Description

-Djavax.net.sll.truststore

Use this parameter to specify the full path to the Java™ certificate store containing the public root authority certificate.

For example, to use the Java certificate store installed with Cognos TM1 , use the parameter -Djavax.net.sll.truststore= C:\Program Files\Cognos\TM1\bin\ssl\tm1store

-Djavax.net.ssl.trustStorePassword

Use this parameter to specify the password used to create the Java certificate store.

For example, to specify the password used to create the Java certificate store installed with Cognos TM1 , use the parameter -Djavax.net.ssl.trustStorePassword=applix
Parent topic: Using SSL for data transmission security