Default configuration

When you install IBM® Planning Analytics Local, all certificates and other files required to configure TLS are placed in the <PA_install_directory>\bin64\ssl directory.

When you install Planning Analytics Local, the Admin Server, TM1® Server, and TM1 clients are all configured to use TLS, relying on the certificates installed in the <PA_install_directory>\bin64\ssl directory. Although these certificates allow you to configure a TLS implementation, you should replace these certificates with your own certificates (as well as a certificate revocation list) if you want to maximize security.

For TM1 Web, all root certificates must be installed in the certificate store on the machine that the servers are using to run TM1 Web.

The <PA_install_directory>\bin64\ssl directory contains the following certificates and files. Files with a .pem extension are Privacy Enhanced Mail format. Files with a .der extension are Distinguished Encoding Rules.

applixca.der

The original default certificate in DER format used for Java™ certificate stores.

applixca.pem

The original root authority certificate.

ibmtm1.arm

The default certificate file.

ibmtm1.crl

The certificate revocation list.

ibmtm1.kdb

The key database file, which contains the server certificate and trusted certificate authorities.

ibmtm1.rdb

The requested key pair and the certificate request data.

ibmtm1.sth

The key store, which contains passwords to the key database file.

tm1ca_v2.der

The updated default certificate.

tm1ca_v2.pem

The updated default root authority certificate.

tm1store

The Java certificate store containing the public root authority certificate.