Configuring the IBM Cognos LifeCycle Manager Server.XML File for SSL

Configure the Cognos® LifeCycle Manager Server.XML for SSL.

About this task

The Server.XML is stored in the following location: <lcm install dir>\wlp\usr\servers\lcm\server.xml

Procedure

  1. Add an SSL Configuration block and keystore to the Server.XML file:
    <sslDefault sslRef="defaultSslConfig" />
    <ssl id="defaultSslConfig" keyStoreRef="defaultKeyStore" clientAuthenticationSupported="true"/>
    <keyStore id="defaultKeyStore" password="yourPassword" />
  2. Add an HTTPS port number to your httpEndpoint element:
    <httpEndpoint host="*" httpPort="9305" httpsPort="9443" id="defaultHttpEndpoint"/>
  3. Restart the Cognos LifeCycle Manager Server.
  4. Locate the keystore file. It will be located in the following location: <lcm install dir>\wlp\usr\servers\lcm\resources\security\<keystore name> Keystore name is key.jks.

    Once you have your keystore file, you can import the ca.cer file that you created during your Cognos Analytics install.

  5. Browse to the key tool that is part of the JRE shipped with Cognos LifeCycle Manager. The JRE is found at the following location: <lcm install dir>\jre
  6. Import the ca.cer to two locations:
    1. To the ca certs file under <lcm install dir>\jre\lib\security\cacerts. The command to import the cert will look like:
      <lcm install dir>\jre\bin\keytool -import -trustcacerts -alias myc11install -file <some file location>\ca.cer -keystore <lcm install dir>\jre\lib\security\cacerts
    2. Import the ca.cer file to the keystore for liberty profile using the command:
      <lcm install dir>\jre\bin\keytool -import -trustcacerts -alias myc11install -file <some file location>\ca.cer -keystore <lcm install dir>\wlp\usr\servers\lcm\resources\security\<keystore name>
    -alias is used to add a description to the keystore in case multiple certificates are used.

    The default password for the JRE Keystore is "changeit".

    The password to the liberty profile key store is "yourPassword" as specified in step 1.

Results

Cognos LifeCycle Manager should now be able to communicate using SSL with the Cognos Analytics server that you imported the certificate from.