Create the certificate signing request (CSR) files
Before you begin
On UNIX or Linux operating systems, ensure that you set a JAVA_HOME environment variable before you use the ThirdPartyCertificateTool.
Windows installations, you can run the
tool with the
-java:local command to use the JRE that is provided with the
installation, as shown in the following example:
-c -d ...
About this task
If you changed the Key store password in IBM® Cognos Configuration, under , use the new password as the keystore_password when running the ThirdPartyCertificateTool commands below. The default password is NoPassWordSet.
- From the install_location\bin directory, run the ThirdPartyCertificateTool.
Type the following command to create the certificate signing request for the crypto key:
- On UNIX or Linux®,
ThirdPartyCertificateTool.sh -c -e -d "CN=EncryptCert,O=MyCompany,C=CA" -r encryptRequest.csr -p keystore_password -a RSA
- On Windows,
ThirdPartyCertificateTool.bat -c -e -d "CN=EncryptCert,O=MyCompany,C=CA" -r encryptRequest.csr -p keystore_password -a RSA
The distinguished name (DN) value in the command (
"CN=EncryptCert,O=MyCompany,C=CA")uniquely identifies theCognos Analytics installation. The attributes that are used in this parameter reflect a hierarchical structure in your organization.
The password that you enter for this key must be used again when you import the certificate, and again in IBM Cognos Configuration.
- On UNIX or Linux®, type
- Run the command.
You can ignore any warnings about logging.Important: The certificates that are generated by your CA must be PEM (Base-64 encoded ASCII) format.
The command generates the following CSR files:
- The CAMKeystore file in the install_location\configuration\certs directory.
- The encryptRequest.csr file in the install_location\bin directory.
What to do next
After the CSR files are generated, perform the following steps:
- Share the crypto key file encryptRequest.csr, or its contents, with the
Using this key, the CA produces a crypto key certificate, a root certificate, and an intermediate certificate for the request, and shares them with your organization.
For details about the certificate exchange process between your organization and the external CA, see the CA documentation.
- Copy the certificates from the external CA to the Cognos Analytics installation directory, such as install_location\configuration\bin.
- Import the certificates into your Cognos Analytics key store. For more information, see Import the certificate authority (CA) certificates.