Import the certificate authority (CA) certificates

You must import the certificates from the external certificate authority (CA) into your IBM® Cognos® Analytics with Watson key store.

The import must be done on each computer where the following Cognos Analytics components are installed: Content Manager, the Application Tier Components, the gateway, and the client components such as Framework Manager, and other components if you use them.

Before you begin

On UNIX or Linux operating systems, ensure that you set a JAVA_HOME environment variable before you use the ThirdPartyCertificateTool.

On Microsoft Windows installations, you can run the tool with the -java:local command to use the JRE that is provided with the installation, as shown in the following example: ThirdPartyCertificateTool.bat -java:local -c -d ...

About this task

If you changed the Key store password in IBM Cognos Configuration, under Cryptography > cryptographic_provider_name, use the new password as the keystore_password when running the ThirdPartyCertificateTool commands below. The default password is NoPassWordSet.

Procedure

  1. Go to the location where you saved the certificate files from the CA authority, and do the following:
    1. Create a copy of the crypto certificate, and name it encryptCertificate.cer.
    2. Create a copy of the root CA certificate, and name it ca.cer.
  2. If the files are not already there, copy the encryptCertificate.cer, and ca.cer files to the install_location/bin directory.
  3. From install_location/bin directory, start the ThirdPartyCertificateTool command line tool.
  4. Type the following command to import the CA root certificate into the Cognos Analytics trust store:
    • On UNIX or Linux® operating systems, type
      ThirdPartyCertificateTool.sh -i -T -r ca.cer -p keystore_password
    • On Windows operating systems, type
      ThirdPartyCertificateTool.bat -i -T -r ca.cer -p keystore_password
    The command reads the ca.cer file and imports the contents into the CAMKeystore file in the certs directory using the specified password.
  5. Optional: If you use intermediate CA certificates, import all the intermediate certificates (ICA) into the Cognos Analytics trust store by using the same commands as in step 4.
  6. Import the crypto certificate into the Cognos Analytics encryption key store by typing the following command:
    • On UNIX or Linux operating systems, type
      ThirdPartyCertificateTool.sh -i -e -r encryptCertificate.cer -p 
      keystore_password -t ca.cer
    • On Windows operating systems, type
      ThirdPartyCertificateTool.bat -i -e -r encryptCertificate.cer -p 
      keystore_password -t ca.cer
    Important: Ensure that the keystore_password is the same password that you entered when you exported the encryption key in the previous task.

    You can ignore any warnings about logging.

Results

The command reads the encryptCertificate.cer and ca.cer files in the install_location\bin directory and imports the certificates from both files into the CAMKeystore file in the install_location/configuration/certs directory using the specified password.

What to do next

You can now configure the Cognos Analytics components to use the CA certificates. For more information, see Enable the external certificate authority (CA).