Configure the Cognos® TM1® Java API to use TLS

The certificates used by a Java™ client to validate the server must reside in either the Java system cacerts truststore file or be specified on the application command line.

The Java system cacerts truststore resides in the Java \lib\security directory.

The default password for cacerts is "changeit". Java provides an executable named keytool.exe to change it. For example:

keytool -keystore ..\lib\security\cacerts -alias Company -import 
-file Companyca.der

Optionally, if access is restricted to the system cacerts truststore, a truststore can be created. For example:

keytool -keystore tm1store -alias Companyca -import -file ACompanyca.der 

When starting the Java application this keystore must be specified. If a password is required it must be provided as well. For example:

java -Djavax.net.ssl.trustStore=bin\ssl\tm1store 
-Djavax.net.ssl.trustStorePassword=<password>

Further information is provided in the API specification for the Java 2 Platform Standard Edition. The minimum Java version supported is 1.4.2.