You can enable secure sockets layer (SSL) protocol for communications between IBM®
Cognos® Analytics and
Microsoft SQL Server databases.
The databases that can be configured are the Content Manager,
Notification, Mobile, Human Task and
Annotation Services, and Logging databases.
For more information about configuring SQL Server for SSL, see the documentation for your version
of Microsoft SQL Server.
Note: Microsoft SQL server uses different driver JAR file names, such as
sqljdbc4.jar, sqljdbc41.jar, and
sqljdbc42.jar. Officially, sqljdbc42.jar supports JRE8,
which is the version that is used by IBM
Cognos Analytics.
Before you begin
Ensure that you enable SSL on your database server before you perform the steps in IBM
Cognos Configuration.
Procedure
-
Obtain the root Certificate Authority (CA) certificate that issued your SQL Server certificate
(or the self-signed server certificate if the CA was not issued by a Certificate Authority), and
copy it to the computer where Cognos Analytics is installed.
For example, copy the file sqlcert.cer to the root directory
c:\sqlcert.cer by typing the following command:
cd C:\Program Files\ibm\cognos\analytics\ibm-jre\jre\lib\security
Then type the following command:
C:\Progra~1\ibm\cognos\analytics\ibm-jre\jre\bin\keytool
-import -trustcacerts -file "c:\sqlcert.cer" -keystore cacerts -alias SQLCert
-
Edit the
install_location\bin64\bootstrap_wlp_os_version.xml
file by adding the following lines after the line
<param condName="${java_vendor}"
condValue="IBM">-Xscmaxaot4m</param>
:
Windows:
<param>"-Dcom.ibm.jsse2.overrideDefaultTLS=true"</param>
Linux,
UNIX:
<param>-Dcom.ibm.jsse2.overrideDefaultTLS=true</param>
-
Edit the install_location\bin64\cogconfig.bat (Windows)
or install_location\bin64\cogconfig.sh (Linux, UNIX) file by
adding the following line after the line
set J_OPTS=%DD_OPTS% %J_OPTS%
:
Windows:
set J_OPTS="-Dcom.ibm.jsse2.overrideDefaultTLS=true" %J_OPTS%
Linux,
UNIX:
JAVA_OPTS=$JAVA_OPTS -Dcom.ibm.jsse2.overrideDefaultTLS=true
- Start IBM
Cognos Configuration by double-clicking the
cogconfig file that you modified in step 3.
- Under Data Access, click the database name that you want to
configure. For example, to configure the content store database, under Content
Manager, click the database name.
Other databases that can be configured are Notification,
Mobile, Human Task and Annotation Services, and
Logging.
Tip: To configure the Logging database, go to
.
- In the properties pane, click the SSL Encryption Enabled property,
and set its value to True.
- Test the connection, and save your configuration.
- Start IBM
Cognos Analytics. The
full server name in SQL Server Configuration Manager must match the name in the certificate. For
example, mycomputer.canlab.ibm.com, and not
localhost.