Cognos® Analytics includes its own cryptographic provider, named Cognos.
Tip: The provider default name Cognos can be changed to any other
name. The provider type is alwaysCognos.
Before you begin
- If you are using a JRE other than the one provided with IBM®
Cognos server, go to the
install_location/ibm-jre/jre/lib/ext, and copy
bcprov-jdkversion.jar to
JRE_location/lib/ext.
- If you are using a JRE other than the one that IBM Cognos
provides, you must also download and install the unrestricted Java™ Cryptograph Extension (JCE) policy file for your JRE to ensure that all available
algorithms and cipher suites are shown in IBM
Cognos Configuration.
Procedure
- Start IBM
Cognos Configuration.
- In the Explorer window, under
, click
Cognos.
- In the Properties window, change the properties as needed.
Tip: For detailed information about each property, view the property description in IBM
Cognos Configuration when you click the property.
- To configure the confidentiality algorithm, under Cryptography,
Confidentiality algorithm or PDF Confidentiality
algorithm, click in the Value column and then select the
algorithm from the drop-down list.
The value of a confidentiality algorithm determines how data is
encrypted by IBM
Cognos components. For example, database passwords entered
in IBM
Cognos Configuration are encrypted when you save the
configuration. The algorithm selected when the data is encrypted must also be available for the data
to be decrypted at a later date.
The availability of confidentiality algorithms can change if there are changes to your
environment. For example, if your Java Runtime Environment
(JRE) has changed or if you have installed other cryptographic software on the computer. You must
ensure that the Confidentiality algorithm that was selected when the data was
encrypted is also available when you want to access the data.
JREs include a restricted policy
file that limits you to certain cryptographic algorithms and cipher suites. If you require a wider
range of cryptographic algorithms and cipher suites, unrestricted (unlimited) policy files are now
provided by default. They can be found here:
- install
location/ibm-jre/jre/lib/security/policy/unlimited/US_export_policy.jar
- install
location/ibm-jre/jre/lib/security/policy/unlimited/local_policy.jar
In addition, for Java that is provided by IBM, the unrestricted JCE policy files are also available here.
- To adjust the cipher suites, under Supported ciphersuites, click in the
Value column and then click the edit icon .
Remove the cipher suites that are not applicable and move the remaining cipher suites up
or down in the list so that the cipher suites in the highest range are higher in the list.
Do not mix cipher suites in the 40- to 56-bit range with cipher suites in the 128- to 168-bit
range.
- To change the location of the crypto keys, under Encryption key settings,
change Encryption key store location to the new location.
- If configuring for HTTPS/SSL, change the Server common name from CAMUSER
to the fully qualified domain name of the server.
- To configure the Subject Alternative Name, specify DNS
names, IP addresses, and Email addresses
(optional) that are associated with the server certificate. The values are added to the Subject
Alternative Name extensions in the server certificate. You can specify multiple values for each
property. Separate the values using the space character.
- From the File menu, click Save.