After you obtain the certificates from the CA,
you must import them to your IBM® Cognos® components.
You
must import the certificates on each computer where you have IBM Cognos components
installed; including Content Manager, the Application Tier Components,
the gateway, and the modeling components.
Tip: The examples in this topic use the default password,
NoPassWordSet. If you change the Key store
password, and the Certificate Authority settings password in IBM
Cognos Configuration, ensure you use the password that you
set.
Before you begin
On UNIX or Linux operating systems, ensure
that you set a JAVA_HOME environment variable before you use the ThirdPartyCertificateTool.
On Microsoft Windows installations, you can run the tool
with -java:local
to use the JRE that is provided
with the installation. For example,
ThirdPartyCertificateTool.bat -java:local -c -d ...
Procedure
-
Create a copy of the crypto certificate and name it
encryptCertificate.cer.
- Create a copy of the root CA certificate and name it ca.cer.
-
Copy the encryptCertificate.cer, and ca.cer files to
the install_location/bin directory.
-
Import the crypto certificate into the IBM
Cognos encryption key store by typing the following
command:
On UNIX or Linux®
operating systems, type
ThirdPartyCertificateTool.sh -i -e -r encryptCertificate.cer -p
NoPassWordSet -t ca.cer
On Windows operating systems, type
ThirdPartyCertificateTool.bat -i -e -r encryptCertificate.cer -p
NoPassWordSet -t ca.cer
Important: Ensure you use the password that you entered when you exported the encryption
key in the previous task.
You can safely ignore any warnings about logging.
The command reads the encryptCertificate.cer and ca.cer
files in the install_location\bin directory and imports the
certificates from both files into the CAMKeystore file in the
certs directory using the specified password.
- Import the CA certificate into the IBM Cognos trust
store by typing the following command:
On UNIX or Linux operating
systems, type
ThirdPartyCertificateTool.sh -i -T -r ca.cer -p
NoPassWordSet
On Windows operating systems, type
ThirdPartyCertificateTool.bat -i -T -r ca.cer -p
NoPassWordSet
The command reads the ca.cer file and imports the contents into the
CAMKeystore file in the certs directory using the
specified password.
Results
You can now configure your IBM Cognos components to use your
CA certificates.