Question & Answer
How can SSL communication between Modeler and TM1 be enabled? Error thrown when trying to connect via HTTPS when the certificate is not present: Request Fail Do not support the certification. Please import TM1 certification to the Modeler server's JRE
1.) On the TM1 Server, search for and find the applixca.pem file (default dir is \tm1_install_dir\bin64\ssl\)
2.) Copy this file to Modeler or Modeler Server to C:\ or for Linux/Unix to /root/
3.) Launch a command prompt (shell if Unix/Linux as a user with root access)
4.) Change the directory to <Modeler>/jre/bin
5.) Execute the keytool utility pointing it to the TM1 file:
Windows> .\keytool.exe -import -keystore ..\lib\security\cacerts -file C:\applixca.pem
Unix> ./keytool -import -keystore ../lib/security/cacerts -file /root/applixca.pem
(/root/applixca.pem needs to be changed to the location you put the TM1 cert file)
6.) At the Enter keystore password prompt enter changeit
7.) At the Trust this certificate? prompt enter yes
You should see Certificate was added to keystore. This indicates that the SSL cert was successfully added.
Restart Modeler/Modeler Server for the change to take effect.
Note: As of TM1 10.2.2 Fix Pack 6 (FP6), all SSL-secured communication between client and server uses Transport Layer Security (TLS) 1.2. Older TM1 clients will not recognize TLS 1.2 and Modeler Clients prior to version 18 fix pack 1 will not recognize TLS 1.2.
When Modeler is making a connection to TM1, it is in a way acting as a client to TM1. It is necessary to add the following parameter to the tm1s.cfg file to resolve the issue.
After adding this parameter, you must restart the TM1 server.
NOTE: As of the release of Planning Analytics 2.0.0, (which runs TM1 11.x), the certificate name has changed to ibmtm1.arm. The steps above still apply for importing the certificate.
For more information see Technote #7048181
21 June 2018