Enabling SSL for communications with Microsoft SQL Server databases

You can enable secure sockets layer (SSL) protocol for communications between IBM® Cognos® Analytics and Microsoft SQL Server databases.

The databases that can be configured are the Content Manager, Notification, Mobile, Human Task and Annotation Services, and Logging databases.

For more information about configuring SQL Server for SSL, see the documentation for your version of Microsoft SQL Server.

Note: Microsoft SQL server uses different driver JAR file names, such as sqljdbc4.jar, sqljdbc41.jar, and sqljdbc42.jar. Officially, sqljdbc42.jar supports JRE8, which is the version that is used by IBM Cognos Analytics.

Before you begin

Ensure that you enable SSL on your database server before you perform the steps in IBM Cognos Configuration.

Procedure

  1. Obtain the root Certificate Authority (CA) certificate that issued your SQL Server certificate (or the self-signed server certificate if the CA was not issued by a Certificate Authority), and copy it to the computer where Cognos Analytics is installed.

    For example, copy the file sqlcert.cer to the root directory c:\sqlcert.cer by typing the following command:

    cd C:\Program Files\ibm\cognos\analytics\ibm-jre\jre\lib\security

    Then type the following command:

    C:\Progra~1\ibm\cognos\analytics\ibm-jre\jre\bin\keytool 
    -import -trustcacerts -file "c:\sqlcert.cer" -keystore cacerts -alias SQLCert
  2. Edit the install_location\bin64\bootstrap_wlp_os_version.xml file by adding the following lines after the line <param condName="${java_vendor}" condValue="IBM">-Xscmaxaot4m</param>:
    Windows:
    <param>"-Dcom.ibm.jsse2.overrideDefaultTLS=true"</param>
    Linux, UNIX:
    <param>-Dcom.ibm.jsse2.overrideDefaultTLS=true</param>
    
  3. Edit the install_location\bin64\cogconfig.bat (Windows) or install_location\bin64\cogconfig.sh (Linux, UNIX) file by adding the following line after the line set J_OPTS=%DD_OPTS% %J_OPTS%:
    Windows:
    
    set J_OPTS="-Dcom.ibm.jsse2.overrideDefaultTLS=true" %J_OPTS%
    Linux, UNIX:
    
    JAVA_OPTS=$JAVA_OPTS -Dcom.ibm.jsse2.overrideDefaultTLS=true
  4. Start IBM Cognos Configuration by double-clicking the cogconfig file that you modified in step 3.
  5. Under Data Access, click the database name that you want to configure. For example, to configure the content store database, under Content Manager, click the database name.

    Other databases that can be configured are Notification, Mobile, Human Task and Annotation Services, and Logging.

    Tip: To configure the Logging database, go to Environment > Logging.
  6. In the properties pane, click the SSL Encryption Enabled property, and set its value to True.
  7. Test the connection, and save your configuration.
  8. Start IBM Cognos Analytics. The full server name in SQL Server Configuration Manager must match the name in the certificate. For example, mycomputer.canlab.ibm.com, and not localhost.