You can secure your Jupyter Notebook Server installation with SSL encryption using SSL
certificates.
Note: If the Cognos Analytics server is secured with SSL, then the Jupyter Notebook server must also
be secured with SSL. Similarly, if the Cognos Analytics server is not secured with SSL, the
Jupyter Notebook server must also not be secured with SSL.
Procedure
- Update the config.conf file for SSL encryption.
- Set the value for CERTIFICATES_DIRECTORY_PATH with the path to the directory containing
the authority certificates for the Jupyter server.
- Set the value for PROXY_CERTIFICATE_FILE_PATH with the path to the certificate file for
the Jupyter server.
- Set the value for PROXY_KEY_FILE_PATH with the path to the private key file for the
Jupyter server.
-
Ensure that the administrator specifies https, rather than
http, when they enable IBM Cognos Analytics for Jupyter Notebook.
- Register the Jupyter server with the Cognos Analytics server as a trusted third party
host.
Regardless if Cognos Analytics server is set up for SSL, you must still register the Jupyter
server in the Cognos Analytics trusted service store. Cognos Analytics will not forward a request to
an https target without first verifying (by certificate) that the target is trusted and genuine.
This involves importing a copy of the certificate for the secured Jupyter server to the Cognos
Analytics trusted service store using the ThirdPartyCertificateTool utility
provided with Cognos Analytics, in the
installation_location/bin directory. For more information, see ThirdPartyCertificateTool commands and examples.
For example, to import a certificate, type the following on a command line at the computer where
Cognos Analytics is installed:
ThirdPartyCertificateTool -i -T -p NoPassWordSet -r
fully_qualified_pathname_of_jupyter_certificate_file_in_pem_format
- Only if the Cognos Analytics server is also set up for SSL, register the Cognos
Analytics server with the Jupyter server as a trusted third party host.
- On the computer where Jupyter Server is installed, create a directory where the
certificates will be stored.
- Edit the file config.conf and set the
CERTIFICATES_DIRECTORY_PATH parameter to point to the directory that you just
created.
- For each instance of Cognos Analytics that will connect to the Jupyter Server, copy
the certificate in Privacy Enhanced Mail (PEM) format for the Cognos Analytics server into the
certificates directory that you configured in step 4.b.
Important: Even though the certificates must be in PEM format, they must have
.crt file extensions.
- Rebuild the image:
In Linux, run
jupyter_installation_location/dist/scripts/unix/build.sh
In Windows, run
jupyter_installation_location/dist/scripts/windows/build.bat
- Restart the server:
In Linux, run
jupyter_installation_location/dist/scripts/unix/start.sh
In Windows, run
jupyter_installation_location/dist/scripts/windows/startup.bat
Results
The Jupyter Notebook Server is secured with SSL encryption.