Configuring SSL for IBM Cognos components

For IBM® Cognos® components, you can use SSL for internal connections, external connections, or both.

If you configure SSL for internal connections only, IBM Cognos components on the local computer communicate using this protocol. The dispatcher listens for secure connections on a different port than for remote, HTTP requests. Therefore, you must configure two dispatcher URIs.

If you configure SSL for external connections only, communications from remote IBM Cognos components to the local computer uses the SSL protocol. You must configure the dispatcher to listen for secure, remote requests on a different port than local, HTTP requests. You must also configure the Content Manager URIs and the dispatcher URI for external applications to use the same protocol and port as the external dispatcher.

If you configure SSL for all connections, the dispatcher can use the same port for internal and external connections. Similarly, if you do not use SSL for local or remote communication, the dispatcher can use the same port for all communications.

By default, IBM Cognos Analytics components use an internal certificate authority (CA) to establish the root of trust in the IBM Cognos security infrastructure. This applies to both SSL and non-SSL connections. If you want to use certificates that are managed by another service, see Configuring IBM Cognos components to use another certificate authority.

In distributed installation, you must first configure the default active Content Manager computer to use the SSL protocol and start the services on that computer before you configure the Application Tier Components computer.

Procedure

  1. Start IBM Cognos Configuration.
  2. In the Explorer window, click Environment.
  3. In the Properties window, type the appropriate values for the URI values:
    Important: For HTTPS/SSL configurations, make sure to use a fully qualified hostname for URIs. Also, in the Explorer window, under Security > Cryptography > Cognos > Identity name, change the Server common name from CAMUSER to the fully qualified domain name of the server.
    • To configure SSL for internal connections only, enter https and a port number for SSL communication in the Internal dispatcher URI property.

      For the External dispatcher URI and Dispatcher URI for external applications properties, leave http as the protocol and use the default or another available port number.

      If you use the application server that is provided with IBM Cognos Analytics, the Internal dispatcher URI property must specify localhost.

      The port number in the two dispatcher URIs must be different.

    • To configure SSL for external connections only, enter https and a port number for SSL communication in the External dispatcher URI and Dispatcher URI for external applications properties.

      For the Internal dispatcher URI property, leave http as the protocol and use the default or another available port number.

      If you use the application server that is provided with IBM Cognos Analytics, the Internal dispatcher URI property must specify localhost.

      The port numbers in the two dispatcher URIs must be different.

    • To configure SSL for all connections, enter the same URI for both the Internal dispatcher URI, External dispatcher URI, and Dispatcher URI for external applications properties. Enter https and a port number for SSL communication.

    • Additionally, you can enter https and a port number for SSL communication in the Content Manager URI property.

    • If you installed the gateway on a separate computer, and you are using SSL for external connections, in IBM Cognos Configuration on the gateway computer, enter https and the port number for SSL communication in the Dispatcher URIs for gateway property.

  4. From the File menu, click Save.
  5. Restart your services.

    In a distributed environment, start the services on the Content Manager computer first, followed by the services on the Application Tier Components computers.