Configure a Cryptographic Provider

IBM® Cognos® Controller requires a cryptographic provider. By default, the cryptographic provider uses keys up to 56 bits in length for data encryption and the secure sockets layer (SSL) protocol. You can configure other cryptographic providers that use key sizes greater than 56 bits, such as the Enhanced Encryption Module for OpenSSL.

Procedure

  1. Start IBM Cognos Configuration.
  2. In the Explorer window, under Security, Cryptography, click IBM Cognos.
    • If you want to change the location of the signing keys, under Signing key settings, change the Signing key store location property to the new location.
    • If you want to change the location of the encryption keys, under Encryption key settings, change Encryption key store location to the new location.
    • If you want to use another certificate authority, under Certificate Authority settings, change Use third party CA to True.

      You must also ensure that you use the same values for the -k parameter as you used for the Signing key store location and Encryption key store location properties.

    Important: The Confidentiality algorithm value determines how data is encrypted by IBM Cognos components. For example, database passwords entered in IBM Cognos Configuration are encrypted when you save the configuration. The algorithm selected when the data is encrypted must also be available for the data to be decrypted at a later date.

    The availability of confidentiality algorithms can change if your environment changes, for example if your Java™ Runtime Environment (JRE) has changed or if you have installed other cryptographic software on the computer. Changes to a computer, such as upgrading the JRE or installing software that upgrades the JRE, can affect the availability of confidentiality algorithms. You must ensure that the Confidentiality algorithm that was selected when the data was encrypted is also available when you want to access the data.

  3. From the File menu, click Save.

Results

If you use other Certificate Authority (CA) servers, you must now configure IBM Cognos Controller components to use the CA.
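One way to check the point made in the Important note, that an algorithm available when data was encrypted must still be available after a JRE change, is to snapshot the cipher algorithms the JRE offers before the change and compare afterwards. The following is an added example, not IBM code. The class name `CipherBaseline` and the baseline file are hypothetical, and it assumes you run it with the same JRE that the IBM Cognos components use; how a Confidentiality algorithm value maps to a JRE algorithm name is not stated on this page.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.util.Set;
import java.util.TreeSet;
import javax.crypto.Cipher;

/** Added example: snapshot the JRE's cipher algorithms and diff them against a saved baseline. */
public class CipherBaseline {

    /** One line per cipher algorithm: NAME, a tab, and the maximum key length the JRE policy allows. */
    static Set<String> snapshot() {
        Set<String> lines = new TreeSet<>();
        for (String alg : Security.getAlgorithms("Cipher")) {
            String max;
            try {
                int bits = Cipher.getMaxAllowedKeyLength(alg);
                max = (bits == Integer.MAX_VALUE) ? "unlimited" : bits + " bits";
            } catch (NoSuchAlgorithmException e) {
                max = "unknown";
            }
            lines.add(alg + "\t" + max);
        }
        return lines;
    }

    /** Baseline entries the current JRE no longer offers, or offers with a different key limit. */
    static Set<String> missing(Set<String> baseline, Set<String> current) {
        Set<String> gone = new TreeSet<>(baseline);
        gone.removeAll(current);
        return gone;
    }

    public static void main(String[] args) throws IOException {
        Set<String> current = snapshot();
        if (args.length == 0) {                  // no baseline given: print a snapshot to save
            current.forEach(System.out::println);
            return;
        }
        Path baselineFile = Paths.get(args[0]);  // hypothetical file saved from an earlier run
        Set<String> baseline = new TreeSet<>(Files.readAllLines(baselineFile, StandardCharsets.UTF_8));
        Set<String> gone = missing(baseline, current);
        gone.forEach(l -> System.out.println("MISSING OR CHANGED: " + l));
        System.exit(gone.isEmpty() ? 0 : 1);     // non-zero exit flags a regression
    }
}
```

Run it without arguments before a JRE upgrade and redirect the output to a file, then run it again afterwards with that file as the argument; any line it reports is an algorithm, or key-length limit, that data encrypted earlier may depend on.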