Configure the Web Tier to use custom TLS

These steps provide an overview of the process to configure encrypted communication using Transport Layer Security (TLS) for TM1® Web, TM1 Applications, and TM1 Application Gateway in IBM® Planning Analytics Local.

All secured communication between clients and servers in Planning Analytics Local uses Transport Layer Security (TLS) 1.2.

When Planning Analytics is configured to use TLS, you access TM1Web, TM1 Applications, and TM1 Application Gateway by using HTTPS instead of HTTP. Planning Analytics provides a default configuration that gets stored in the CAMKeystore file in the /configuration/certs/ directory of the Planning Analytics installation.

You can configure encrypted communication with the default configuration for development and testing. However, you should configure custom certificates for production systems.

Custom certificates need to be signed by a third-party certificate authority (CA). You can use the IBM Key Management tool to create a certificate and import the certificate back into Planning Analytics after it is signed by a third-party CA. You can also import an existing keystore that contains a server key and matching certificates that are already signed by a CA that is external to Planning Analytics.

Important: Before you follow these steps, stop the IBM Cognos® TM1 service and back up the CAMKeystore and cogstartup.xml files, or back up the configuration directory of your Planning Analytics installation.