Question & Answer
This Technote explains how to configure a Planning Analytics 2.0 Local TM1 Server for CAM Authentication when the Cognos BI Dispatcher has SSL enabled. To configure TM1 Server 10.2.2 and lower to work with a Cognos BI Dispatcher using SSL, please see: http://www-01.ibm.com/support/docview.wss?uid=swg21980367. The process to configure CAM Authentication with an SSL-enabled Cognos BI Dispatcher has changed in Planning Analytics 2.0 because the CAMSSLCertificate and SkipSSLCAMHostCheck parameters in the tm1s.cfg file have been deprecated. A list of changed and deprecated parameters in the tm1s.cfg file for Planning Analytics 2.0 can be found here: http://www-01.ibm.com/support/docview.wss?uid=swg27047055.
The following parameter must be added to the tm1s.cfg file.
The root and any intermediate CA (signing) certificates for the Cognos BI or Analytics Dispatcher must also be imported into the key database used by the TM1 Server. By default this key database file is <TM1 Server>\bin64\ssl\ibmtm1.kdb.
The root and intermediate CA certificates for the BI Dispatcher can typically be obtained by browsing to the Cognos BI Dispatcher URL (e.g., https://cognosbi.ibm.com:9300/p2pd/servlet/dispatch) using Internet Explorer, clicking the lock icon to the right of the URL, and then clicking View certificates. The certificates can be exported to a Base-64 encoded cer file.
To import the certificates into the key database, run the following command from the TM1 Server installation's bin64 directory:
gsk8capicmd_64 -cert -add -db .\ssl\ibmtm1.kdb -stashed -label cognosbi -file .\ssl\cognosbica.cer -format ascii -trust enable
The above command assumes the certificates are in a file named cognosbica.cer that has already been copied into the <TM1 Server>\bin64\ssl\ directory.
Restart the TM1 Server after making the above changes.
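A pre-import check for the exported file, as an added example that is not part of the original Technote or of IBM's tooling: it confirms the file is Base-64 encoded, as the -format ascii option expects, and reports whether each certificate in it is a CA certificate. The function name Get-CaCertSummary and the in-memory sample CA are assumptions constructed for illustration.

```powershell
# Added example: inspect an exported Base-64 .cer file before adding it to ibmtm1.kdb.
# Get-CaCertSummary is a hypothetical helper name, not part of TM1 or GSKit.
function Get-CaCertSummary {
    param([Parameter(Mandatory)][string]$PemText)

    # A Base-64 export wraps each certificate in BEGIN/END CERTIFICATE markers.
    $pattern = '-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----'
    $blocks  = [regex]::Matches($PemText, $pattern, 'Singleline')
    if ($blocks.Count -eq 0) {
        throw 'No Base-64 certificate found; the file may be DER encoded. Re-export it as Base-64.'
    }
    foreach ($m in $blocks) {
        $der  = [Convert]::FromBase64String(($m.Groups[1].Value -replace '\s', ''))
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
        $bc   = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
        }
        [pscustomobject]@{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            IsCA       = [bool]($bc -and $bc.CertificateAuthority)  # signing certs have CA=true
            SelfSigned = ($cert.Subject -eq $cert.Issuer)           # true for a root CA
            Expired    = ($cert.NotAfter -lt (Get-Date))
        }
    }
}

# Constructed sample input: a throwaway self-signed CA generated in memory
# (needs .NET Framework 4.7.2 or later, or PowerShell 7).
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=Constructed Example Root CA', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$req.CertificateExtensions.Add(
    [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]::new($true, $false, 0, $true))
$ca  = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddYears(1))
$pem = "-----BEGIN CERTIFICATE-----`n" +
       [Convert]::ToBase64String($ca.RawData, 'InsertLineBreaks') +
       "`n-----END CERTIFICATE-----"

Get-CaCertSummary -PemText $pem

# Against the file named in this Technote:
# Get-CaCertSummary -PemText (Get-Content .\ssl\cognosbica.cer -Raw)
```

After the import, gsk8capicmd_64 -cert -list -db .\ssl\ibmtm1.kdb -stashed lists the labels in the key database, so the cognosbi label can be confirmed before the TM1 Server is restarted.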
15 June 2018