Configure Cryptographic Settings

In a distributed installation, the IBM® Cognos® computers obtain the cryptographic keys from Content Manager. If you change the cryptographic keys in Content Manager, such as by reinstalling Content Manager, you must delete the cryptographic keys on the other IBM Cognos computers. You must then save the configuration on each computer so that they obtain the new cryptographic keys from Content Manager. In addition, all IBM Cognos Controller components in a distributed installation must be configured with the same cryptographic provider settings.

Procedure

  1. Start IBM Cognos Configuration.
  2. In the Explorer window, under Security, click Cryptography.
  3. In the Properties window, change the default values by clicking the Value box and then selecting the appropriate value:
    • On computers that do not contain Content Manager, if you do not want to store the CSKs locally, under CSK settings, change Store symmetric key locally to False.

      When Store symmetric key locally is False, the key is retrieved from Content Manager when required. The Common symmetric key store location property is ignored.

    • If you want the computers at both ends of a transmission to prove their identity, under SSL Settings, change Use mutual authentication to True.

      We recommend that you do not change the Use confidentiality setting.

    • If you want to change the digest algorithm, for the Digest algorithm property, select another value.
  4. From the File menu, click Save.
  5. Test the cryptographic provider on a gateway computer only. In the Explorer window, right-click Cryptography and click Test.

    IBM Cognos components check the availability of the symmetric key.

Results

After you configure the cryptographic provider, passwords in your configuration and any data you create are encrypted.