In a distributed installation, the IBM®
Cognos® computers obtain the cryptographic keys from Content
Manager. If you change the cryptographic keys in Content Manager, such as by reinstalling Content
Manager, you must delete the cryptographic keys on the other IBM
Cognos computers. You must then save the configuration on
each computer so that they obtain the new cryptographic keys from Content Manager. In addition, all
IBM Controller components in a distributed installation must
be configured with the same cryptographic provider settings.
Procedure
- Start IBM Controller Configuration.
- In the Explorer window, under Security,
click Cryptography.
- In the Properties window, change
the default values by clicking the Value box
and then selecting the appropriate value:
- On computers that do not contain Content Manager, if you do not
want to store the CSKs locally, under CSK settings,
change Store symmetric key locally to False.
When Store
symmetric key locally is False,
the key is retrieved from Content Manager when required. The Common
symmetric key store location property is ignored.
- If you want the computers at both ends of a
transmission to prove their identity, under SSL Settings,
change Use mutual authentication to True.
We
recommend that you do not change the Use confidentiality setting.
- If you want to change the digest algorithm, for the Digest
algorithm property, select another value.
- From the File menu, click Save.
- Test the cryptographic provider on a gateway computer only.
In the Explorer window, right-click Cryptography and
click Test.
IBM Controller components check the availability of the
symmetric key.
Results
After you configure the cryptographic provider, passwords
in your configuration and any data you create are encrypted.