Enabling SSL for communications with Microsoft SQL Server databases

You can enable secure sockets layer (SSL) protocol for communications between IBM® Cognos® Analytics with Watson and Microsoft SQL Server databases.

The databases that can be configured are the Content Manager, Notification, Mobile, Human Task and Annotation Services, and Logging databases.

For more information about configuring SQL Server for SSL, see the documentation for your version of Microsoft SQL Server.

Note: Microsoft SQL server uses different driver JAR file names, such as sqljdbc4.jar, sqljdbc41.jar, and sqljdbc42.jar. Officially, sqljdbc42.jar supports JRE8, which is the version that is used by IBM Cognos Analytics with Watson.

Before you begin

Ensure that you enable SSL on your database server before you perform the steps in IBM Cognos Configuration.

Procedure

  1. Obtain the root Certificate Authority (CA) certificate that issued your SQL Server certificate, and copy the CA certificate to the computer where Cognos Analytics is installed, to a location that's easy to access. For example, if the certificate name is sqlcert.cer, the location can be c:\sqlcert.cer.

    Then, from a command line tool, run the following command:

    C:\Progra~1\ibm\cognos\analytics\ibm-jre\jre\bin\keytool 
    -import -trustcacerts -file "c:\sqlcert.cer" 
    -keystore C:\Progra~1\ibm\cognos\analytics\ibm-jre\jre\lib\security\cacerts 
    -alias SQLCert
    Note: The example uses the default Cognos Analytics installation location.
  2. Edit the install_location\bin64\cogconfig.bat (Windows) or install_location\bin64\cogconfig.sh (Linux, UNIX) file by adding the following line after the line set J_OPTS=%DD_OPTS% %J_OPTS%:
    Windows:
    
    set J_OPTS="-Dcom.ibm.jsse2.overrideDefaultTLS=true" %J_OPTS%
    Linux, UNIX:
    
    JAVA_OPTS=$JAVA_OPTS -Dcom.ibm.jsse2.overrideDefaultTLS=true
  3. Start IBM Cognos Configuration by double-clicking the cogconfig file that you modified in step 3.
  4. Under Data Access, click the database name that you want to configure. For example, to configure the content store database, under Content Manager, click the database name.

    Other databases that can be configured are Notification, Mobile, Human Task and Annotation Services, and Logging.

    Tip: To configure the Logging database, go to Environment > Logging.
  5. In the properties pane, click the SSL Encryption Enabled property, and set its value to True.
  6. Test the connection, and save your configuration.
  7. Start IBM Cognos Analytics with Watson. The full server name in SQL Server Configuration Manager must match the name in the certificate. For example, mycomputer.canlab.ibm.com, and not localhost.