Configuring the SSL protocol for IBM Cognos components

You can use the Secure Sockets Layer (SSL) protocol for communication between IBM® Cognos® components in single server and distributed installations.

IBM WebSphere Liberty Profile connectors

If the internal dispatcher URI is prefixed with http but the external dispatcher URI is prefixed with https, or vice versa, both the non-SSL Liberty HTTP/1.1 and SSL Liberty HTTP/1.1 connectors are enabled in the server.xml file.

If the internal and external dispatcher URIs use different protocols or ports, the internal dispatcher port is accessible only to the components on the local computer. The internal dispatcher URI must also specify localhost.

Single computer installations

In a single computer installation, if you are not currently using SSL, you must stop the service before changing the protocol to https. After you save the configuration with SSL settings, you can restart the services.

Distributed installations

In distributed installation, you must first configure the default active Content Manager computer to use the SSL protocol and start the services on that computer before you configure the Application Tier and gateway components to use SSL.

Add a computer to an installation

If you add a computer to an SSL-enabled environment, you will be prompted to temporarily accept trust for a certificate when you save the configuration. Accepting the temporary certificate will allow permanent trust to be established with the existing components.

Add a component to a computer

If you add a component to an installation that has already been configured for SSL, the trust to the SSL certificates is inherited from the existing components. If you add the component to a different location on the same computer but to an environment already configured for SSL, you will be prompted to temporarily accept trust for a certificate when you save the configuration. Accepting the temporary certificate will allow permanent trust to be established with the existing components.