Add certificates to the JRE keystore

The IBM® Cognos® TM1® Operations Console requires a certificate in the Java™ Runtime Environment (JRE) keystore.


  1. Run the Java keytool command to import the certificate into the keystore.
    1. Open a command prompt and change to the following directory:

      location \bin\jre\7.0\bin

      where location is the file directory where Cognos TM1 is installed.

      On 64-bit computers, be sure to add the certificates to the bin64 folder.
    2. Run the following command line. For formatting purposes the command is shown here with line breaks but you should enter the command all on one line.
      keytool -import -file "C:\location\bin\ssl\applixca.pem" 
      -keystore "C:\location\bin\jre\7.0\lib\security\cacerts" 
      -storepass "changeit"

      For 64-bit installations, target the 64-bit folder when dealing with the certificates. For example, this sample command targets the 64-bit jre:

      cd C:\Program Files\ibm\cognos\TM1_64\bin64\jre\7.0\bin

      The following command is an example used on 64-bit systems. For formatting purposes this command is shown with line breaks but you should enter the command all on one line.

      keytool -import -file "C:\Program Files\ibm\cognos\TM1_64\bin64\
      ssl\tm1ca_v2.pem" -keystore "C:\Program Files\ibm\cognos\TM1_64\bin64\
      jre\7.0\lib\security\cacerts" -storepass "changeit"

      If you do not correctly target the 64-bit locations for certificates when running a 64-bit installation, you receive a warning message indicating that you cannot contact the servers.

    3. Enter yes when prompted to trust or add the certificate.
    The following message displays: Certificate was added to keystore
  2. You may need to restart Apache Tomcat to have the change take effect.
    Remember: Re-add certificates any time you re-install Cognos TM1 .