Import the CA certificates into IBM Cognos components

After you obtain the certificates from the CA, you must import them to your IBM® Cognos® components.

You must import the certificates on each computer where you have IBM Cognos components installed; including Content Manager, the Application Tier Components, the gateway, and the modeling components.

Tip: The examples in this topic use the default password, NoPassWordSet. If you change the Key store password, and the Certificate Authority settings password in IBM Cognos Configuration, ensure you use the password that you set.

Before you begin

On UNIX or Linux operating systems, ensure that you set a JAVA_HOME environment variable before you use the ThirdPartyCertificateTool.

On Microsoft Windows installations, you can run the tool with -java:local to use the JRE that is provided with the installation. For example,

ThirdPartyCertificateTool.bat -java:local -c -d ...

Procedure

  1. Create a copy of the crypto certificate and name it encryptCertificate.cer.
  2. Create a copy of the root CA certificate and name it ca.cer.
  3. Copy the encryptCertificate.cer, and ca.cer files to the install_location/bin directory.
  4. Import the crypto certificate into the IBM Cognos encryption key store by typing the following command:

    On UNIX or Linux® operating systems, type

    ThirdPartyCertificateTool.sh -i -e -r encryptCertificate.cer -p NoPassWordSet -t ca.cer

    On Windows operating systems, type

    ThirdPartyCertificateTool.bat -i -e -r encryptCertificate.cer -p NoPassWordSet -t ca.cer

    Important: Ensure you use the password that you entered when you exported the encryption key in the previous task.

    You can safely ignore any warnings about logging.

    The command reads the encryptCertificate.cer and ca.cer files in the install_location\bin directory and imports the certificates from both files into the CAMKeystore file in the certs directory using the specified password.

  5. Import the CA certificate into the IBM Cognos trust store by typing the following command:

    On UNIX or Linux operating systems, type

    ThirdPartyCertificateTool.sh -i -T -r ca.cer -p NoPassWordSet

    On Windows operating systems, type

    ThirdPartyCertificateTool.bat -i -T -r ca.cer -p NoPassWordSet

    The command reads the ca.cer file and imports the contents into the CAMKeystore file in the certs directory using the specified password.

Results

You can now configure your IBM Cognos components to use your CA certificates.