If you use Secure Sockets Layer (SSL) on IBM®
Cognos® Analytics with Watson with
IBM HTTP Server V9 as your web server, you must set up SSL between WAS Web Server Plug-ins and the
Cognos
Analytics
application server by extracting the IBM Cognos certificate and adding it to the WAS Web Server
Plug-ins trust store.
If you use SSL on IBM HTTP Server V9, configure your environment as documented in the article
Configuring IBM HTTP Server with SSL.
Procedure
-
Start the IBM
Cognos Analytics with Watson
application server that is configured to use SSL.
-
Copy the
Server
section from the
Cognos_Analytics_applicaton_server_install_root/wlp/usr/servers/cognosserver/logs/state/plugin-cfg.xml
file to the plug-in/config/webserver1/plugin-cfg.xml file. Ensure that the
Cognos
Analytics
https
entry point is specified, as shown in the following example:
<Server CloneID="a4949c5e-cb36-40dd-9f43-58702daf7b1a" ConnectTimeout="5"
ExtendedHandshake="false" LoadBalanceWeight="20" MaxConnections="-1"
Name="default_node_cognosserver" ServerIOTimeout="900" WaitForContinue="false">
<Transport Hostname=“hostname” Port=“xxx” Protocol="https">
<Property Name="keyring" Value="D:\install\IBM\WebSphere\Plugins\config\
webserver1\plugin-key.kdb"/>
<Property Name="stashfile" Value="D:\install\IBM\WebSphere\Plugins\config\
webserver1\plugin-key.sth"/>
</Transport>
</Server>
-
In the Plug-in/config/webserver1/plugin-cfg.xml file, add the following
attribute to the
Config
section:
-
Obtain the IBM Cognos certificate by using the following steps:
-
Go to the Cognos
Analytics
applicaton_server_install_root/bin directory.
-
Extract the certificate by typing a command that is appropriate for your operating system.
On UNIX or Linux®
operating systems, type
ThirdPartyCertificateTool.sh -E -T -r destination file -p NoPassWordSet
On Windows operating systems, type
ThirdPartyCertificateTool.bat -E -T -r destination file -p NoPassWordSet
-
Copy the .cert file, for example ca-host1.cert, that
was generated in step 4 to WAS Web Server Plug-ins host.
-
Add the Cognos
Analytics
.cert file to the WAS Web Server Plug-ins key store
plugin-key.kdb. If the plugin-key.kdb file does not exist,
create one as described in step 7.
You can use different methods to add the .cert file to the key store. The
following steps describe how to do that by using the gskcapicmd
tool that is
shipped with IHS V9.
-
Go to the IHS9 ROOT folder.
-
Type a command that is appropriate for your operating system.
On UNIX or Linux
operating systems, type
bin/gskcapicmd -cert -add -db WAS_Plugin_root/config/webserver1/plugin-key.kdb
-stashed -label ca-host1 -file ca-host1.cert
On Windows operating systems, type
bin\gskcapicmd.bat -cert -add -db WAS_Plugin_root\config\webserver1\plugin-key.kdb
-stashed -label ca-host1 -file ca-host1.cert
For information about other methods of adding certificate files to the key store, search IBM Knowledge Center
(www.ibm.com/support/knowledgecenter/SSEP7J_11.0.0).
-
Create an empty key store for WAS Web Server Plug-ins:
-
Go to the IHS9 ROOT folder.
-
Type a command that is appropriate for your operating system.
On UNIX or Linux
operating systems, type
bin/gskcapicmd -keydb -create -db WAS_Plugin_root/config/webserver1
/plugin-key.kdb -pw xxx -stash
On Windows operating systems, type
bin\gskcapicmd.bat -keydb -create -db WAS_Plugin_root\config\webserver1
\plugin-key.kdb -pw xxx -stash