Question & Answer
In cases where the ThirdPartyCertificateTool is not working for you there is another tool with name ikeyman. This tool is a java tool and is located in ../jre/bin directory of Cognos Analytics installation. What are the steps via ikeyman, this is described below Import: Close Cognos Connection, it may not stay open execute ..\jre\bin\ikeyman select PKCS12 as key database and file name ist ..\configuration\certs\CAMKeystore Default Passwort ist NoPassWordSet Under "Personal Certificates" please rename encryption to encryption_old Create CSR (button in menu bar, second from right), Key label is encryption (important!) Enter the other settings as you need Key size is 2048 and Signature Algorithm SHA256WithRSA Click OK Let the created CSR.arm sign by your CA or Intermediate CA Once received, open ikeyman, select the keystore as descibed above Under "Personal certificates" you only see ca und encyrption_old Click to "Receive" and select the signed .arm file If there is a popup that say the CA is missing just confirm, the "encyrption" then will be displayed in yellow but no worries Under "Signer Certificates" import the CA and Intermediate CA if necessary When you know go to "Personal Certificates" the "encryption" is no longer yellow that mean the CA chain is valid for that certificate Maybe you get a P12 file that include the signed certificate + CAs (CA and Intermediate), you can import this and you will be aksed if you want to import all, just confirm. Now open Cognos Configuration, verify the settings (set "Use Thirdparty CA?" to True) In Cognos Configuration click on Save Start Cognos Note: Between CSR and Import of signed CSR do not open Cognos Configuration or try to start Cognos. You need to handle it as described in technote http://www-01.ibm.com/support/docview.wss?uid=swg21992784 where you need a backup of your keystore in case there is a time delay between create CSR and sign CSR.
15 June 2018