Default configuration
When you install IBM® Planning Analytics Local, all certificates and other files required to configure TLS are placed in the <PA_install_directory>\bin64\ssl directory.
When you install Planning Analytics Local, the Admin Server, TM1® Server, and TM1 clients are all configured to use TLS, relying on the certificates installed in the <PA_install_directory>\bin64\ssl directory. Although these certificates allow you to configure a TLS implementation, you should replace these certificates with your own certificates (as well as a certificate revocation list) if you want to maximize security.
For TM1 Web, all root certificates must be installed in the certificate store on the machine that the servers are using to run TM1 Web.
The <PA_install_directory>\bin64\ssl directory contains the following certificates and files. Files with a .pem extension are Privacy Enhanced Mail format. Files with a .der extension are Distinguished Encoding Rules.
- applixca.der
- The original default certificate in DER format used for Java™ certificate stores.
- applixca.pem
- The original root authority certificate.
- ibmtm1.arm
- The default certificate file.
- ibmtm1.crl
- The certificate revocation list.
- ibmtm1.kdb
- The key database file, which contains the server certificate and trusted certificate authorities.
- ibmtm1.rdb
- The requested key pair and the certificate request data.
- ibmtm1.sth
- The key store, which contains passwords to the key database file.
- tm1ca_v2.der
- The updated default certificate.
- tm1ca_v2.pem
- The updated default root authority certificate.
- tm1store
- The Java certificate store containing the public root authority certificate.