Configure the Planning Analytics Administration Agent with an existing keystore

You can replace the default keystore used by Planning Analytics Administration agent with your own.

Before you begin

The TM1 Admin Server and TM1 Server must already be secured using custom certificates/keystore

Back up the <pa_install_dir>\paa_agent\wlp\usr\servers\kate-agent\server.xml file to a different directory.

Set the PA_INSTALL_DIR environment variable

Procedure

Open a Command Prompt as administrator.
Execute this command to set the environment variable:

set PA_INSTALL_DIR=<path_to_Planning_Analytics_installation_dir>

For example, PA_INSTALL_DIR=C:\Program Files\ibm\tm1_64.

Convert the IBMTM1 keystore to PKCS12 format for Planning Analytics Administration agent

Procedure

Open Windows Services panel.
Stop the IBM Planning Analytics Administration Agent service.
Open a Command Prompt as administrator.
Execute this command to navigate to the \bin64 directory in the Planning Analytics installation directory:

cd "%PA_INSTALL_DIR%\bin64\"

Execute this command to convert the ibmtm1 keystore file to a PKCS12 keystore for the Planning Analytics Administration Agent:

gsk8capicmd_64 -keydb -convert -db "%PA_INSTALL_DIR%\bin64\ssl\ibmtm1.kdb" -stashed -old_format kdb 
-new_db "%PA_INSTALL_DIR%\bin64\ssl\ibmtm1.p12" -new_pw "CustomPA!@" -new_format pkcs12

Review the <Planning_Analytics_installation_dir>\bin64\ssl\ directory to confirm that the ibmtm1.p12 file is present.
Open the <Planning_Analytics_installation_dir>\paa_agent\wlp\usr\servers\kate-agent\server.xml file.
Update the keyStore to point to the new ibmtm1.p12 custom keystore:

<keyStore id="defaultKeyStore" location="../../../../../bin64/ssl/ibmtm1.p12" type="pkcs12" password="CustomPA!@"/>
Save and close server.xml.

What to do next

Any applications that communicate with the Planning Analytics Administration Agent must be updated to trust the new custom certificates For example, Configure TLS between Planning Analytics Workspace Local and other servers.