Import the certificate authority (CA) certificates
You must import the certificates from the external certificate authority (CA) into your IBM® Cognos® Analytics key store.
The import must be done on each computer where the following Cognos Analytics components are installed: Content Manager, the Application Tier Components, the gateway, and the client components such as Framework Manager, and other components if you use them.
Before you begin
On UNIX or Linux operating systems, ensure that you set a JAVA_HOME environment variable before you use the ThirdPartyCertificateTool.
Windows installations, you can run the tool with the
-java:local command to use the JRE that is provided with the installation, as shown
in the following example:
ThirdPartyCertificateTool.bat -java:local -c -d ...
About this task
If you changed the Key store password in IBM Cognos Configuration, under , use the new password as the keystore_password when running the ThirdPartyCertificateTool commands below. The default password is NoPassWordSet.
- Go to the location where you saved the certificate files from the CA authority, and do
- Create a copy of the crypto certificate, and name it encryptCertificate.cer.
- Create a copy of the root CA certificate, and name it ca.cer.
- If the files are not already there, copy the encryptCertificate.cer, and ca.cer files to the install_location/bin directory.
- From install_location/bin directory, start the ThirdPartyCertificateTool command line tool.
- Type the following command to import the CA root certificate into the Cognos
The command reads the ca.cer file and imports the contents into the CAMKeystore file in the certs directory using the specified password.
- On UNIX or Linux® operating systems,
ThirdPartyCertificateTool.sh -i -T -r ca.cer -p keystore_password
- On Windows operating systems,
ThirdPartyCertificateTool.bat -i -T -r ca.cer -p keystore_password
- On UNIX or Linux® operating systems, type
- Optional: If you use intermediate CA certificates, import all the intermediate certificates (ICA) into the Cognos Analytics trust store by using the same commands as in step 4.
Import the crypto certificate into the Cognos
encryption key store by typing the following command:
Important: Ensure that the keystore_password is the same password that you entered when you exported the encryption key in the previous task.
- On UNIX or Linux operating systems,
ThirdPartyCertificateTool.sh -i -e -r encryptCertificate.cer -p keystore_password -t ca.cer
- On Windows operating systems,
ThirdPartyCertificateTool.bat -i -e -r encryptCertificate.cer -p keystore_password -t ca.cer
You can ignore any warnings about logging.
- On UNIX or Linux operating systems, type
The command reads the encryptCertificate.cer and ca.cer files in the install_location\bin directory and imports the certificates from both files into the CAMKeystore file in the install_location/configuration/certs directory using the specified password.
What to do next
You can now configure the Cognos Analytics components to use the CA certificates. For more information, see Enable the external certificate authority (CA).