In a distributed installation, the IBM® Cognos® computers
obtain the cryptographic keys from Content Manager. If you change
the cryptographic keys in Content Manager, such as by reinstalling
Content Manager, you must delete the cryptographic keys on the other IBM Cognos computers.
You must then save the configuration on each computer so that they
obtain the new cryptographic keys from Content Manager. In addition,
all IBM Cognos Controller components in a distributed
installation must be configured with the same cryptographic provider
settings.
Procedure
- Start IBM Cognos Configuration.
- In the Explorer window, under Security,
click Cryptography.
- In the Properties window, change
the default values by clicking the Value box
and then selecting the appropriate value:
- On computers that do not contain Content Manager, if you do not
want to store the CSKs locally, under CSK settings,
change Store symmetric key locally to False.
When Store
symmetric key locally is False,
the key is retrieved from Content Manager when required. The Common
symmetric key store location property is ignored.
- If you want the computers at both ends of a
transmission to prove their identity, under SSL Settings,
change Use mutual authentication to True.
We
recommend that you do not change the Use confidentiality setting.
- If you want to change the digest algorithm, for the Digest
algorithm property, select another value.
- From the File menu, click Save.
- Test the cryptographic provider on a gateway computer only.
In the Explorer window, right-click Cryptography and
click Test.
IBM Cognos components
check the availability of the symmetric key.
Results
After you configure the cryptographic provider, passwords
in your configuration and any data you create are encrypted.