Configure the Cognos TM1 ETLDAP Utility to use TLS

Before you can connect to the LDAP server using TLS, you must run the following command to add your certificate to the IBM® Cognos® TM1® keystore in the <PA_install_directory>bin64\jre\8.0\bin directory:

Example:

keytool -keystore "C:\Program Files\IBM\cognos\tm1_64\bin64\ssl\tm1store" 
-alias Applixldapca -import -file c:\temp\certificate_name.cer

In this command, substitute the name of your certificate file for certificate_name.cer.

When prompted for the keystore password, enter 'applix'.

You will receive confirmation that the certificate was added to the Cognos TM1 keystore.

When connecting to the LDAP server, you must select the SSL option. If you do not select the SSL option, the LDAP server will not be able to authenticate your user information.

When running the ETLDAP utility from a command line, you must use the following two parameters to enable TLS.

Parameter

Description

-Djavax.net.sll.truststore

Use this parameter to specify the full path to the Java™ certificate store containing the public root authority certificate.

For example, to use the Java certificate store installed with TM1, use the parameter -Djavax.net.sll.truststore= C:\Program Files\IBM\cognos\tm1_64\bin\ssl\tm1store

-Djavax.net.ssl.trustStorePassword

Use this parameter to specify the password used to create the Java certificate store.

For example, to specify the password used to create the Java certificate store installed withTM1, use the parameter -Djavax.net.ssl.trustStorePassword=applix