IBM Support

Cognos Installation guide missing topic: "Enable SSL on the Web Server"

Troubleshooting


Problem

The IBM Cognos Business Intelligence Installation and Configuration Guide is missing a topic called "Enable SSL on the Web Server." This topic should appear in the "Configuring the SSL protocol for IBM Cognos components" section of the guide. The topic contents are included below.

Resolving The Problem

Enable SSL on the Web Server

Enable secure sockets layer (SSL) to encrypt a user’s communication with the Web server.

To enable SSL on your Web server, you must obtain a Web server certificate signed by a Certificate Authority and install it into your Web server. The certificate must not be self-signed, because self-signed certificates will not be trusted by IBM Cognos components.

To enable IBM Cognos components to use an SSL-enabled Web server, you must have copies of the trusted root certificate (the certificate of the root Certificate Authority which signed the Web server certificate) and all other certificates which make up the chain of trust for the Web server’s certificate. These certificates must be in Base64 encoded in ASCII (PEM) or DER format, and must not be self-signed. The certificates must be installed on every computer where you have installed Application Tier Components.

For more information about installing certificates into your Web server, see your Web server documentation.

Steps

  1. Configure the Web server for SSL and start the Web server.
    For more information, see your Web server documentation.
  2. On each Application Tier Components computer that points to the gateway on the Web server, in IBM Cognos Configuration, change the gateway URI from HTTP to HTTPS, and save the configuration.
    Do not start the IBM Cognos service yet.
  3. On each Application Tier Components computer, go to the c10_location/bin directory and import all the certificates that make up the chain of trust, in order starting with the root CA certificate, into the IBM Cognos trust store.
    Import the certificates by typing the following command:
    • In version 10.2.2, on UNIX® or LINUX®, type
      ThirdPartyCertificateTool.sh -T -i -r certificate_fileName -p password
      In version 10.2.0 and 10.2.1, on UNIX® or LINUX®, type
      ThirdPartyCertificateTool.sh -T -i -r certificate_fileName -D ../configuration/signkeypair -p password
    • In version 10.2.2, on Windows®, type
      ThirdPartyCertificateTool.bat -T -i -r certificate_fileName -p password
      In version 10.2.0 and 10.2.1, on Windows®, type
      ThirdPartyCertificateTool.bat -T -i -r certificate_fileName -D ../configuration/signkeypair -p password
      Note: The password should have already been set. If not, the default password is NoPassWordSet.
  4. On each Application Tier Components computer, in IBM Cognos Configuration, start the IBM Cognos service.

    You can verify trust, by creating and running a PDF report that contains pictures that are not stored locally but which the gateway gets from a remote computer. If the pictures appear, trust is established.

    To avoid being prompted by a security alert for each new session, install the certificate into one of your Web browser’s certificate stores.

    In addition, you may want to set up SSL connections between IBM Cognos components and other servers. You must ensure that SSL is set up for the other servers and then you must set up a shared trust between IBM Cognos components and the other servers.

[{"Product":{"code":"SSEP7J","label":"Cognos Business Intelligence"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Not Applicable","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"10.2.2;10.2.1;10.2","Edition":"All Editions","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
15 June 2018

UID

swg21695524

Page Feedback