+

Search Tips   |   Advanced Search

Configure Cognos for SSL

Set up IBM Cognos to handle secure https URLs.

To enable IBM Cognos components to use an SSL-enabled Web server, have copies of the trusted root certificate (the certificate of the root Certificate Authority which signed the Web server certificate) and all other certificates that make up the chain of trust for the Web server's certificate. These certificates must be in Base64 encoded in ASCII (PEM) or DER format, and must not be self-signed, because self-signed certificates will not be trusted by IBM Cognos components.

  1. Import certificates into IBM Cognos Transformer Trust Store.

    1. Launch a Command Prompt on the machine Transformer installed on. Change directory into the ..\<transformer installation>\bin. For example:

      • IBM AIX , Linux: /opt/IBM/CognosTF/bin/

      • Microsoft™ Windows™: C:\IBM\CognosTF\bin

    2. Repeat the following command for each certificate (root and intermediate-level certificates):

      • AIX or Linux: ./ThirdPartyCertificateTool.sh -T -i -r CA_certificate_fileName -D ../configuration/signkeypair -p password

      • Windows: ThirdPartyCertificateTool.bat -T -i -r CA_certificate_fileName -D ..\configuration\signkeypair -p password

      Replace CA_certificate_fileName with the correct filenames of the Root and Intermediate-level certificates.

      The trust store password should have been set by the administrator, the default is NoPassWordSet. If the ThirdPartyCertificateToolbat is unable to locate a valid JRE, you have to set the JAVA_HOME environment variable to the Java™ Runtime Environment (JRE) the product is configured to use. For example:

      • AIX or Linux: export JAVA_HOME=/usr/java/jre

      • Windows: set JAVA_HOME=<Cognos_Installation>\bin\jre\6.0

      For example:

      • AIX or Linux: ./ThirdPartyCertificateTool.sh -T -i -r c:\hostname_Certificate.cer -D ../configuration/signkeypair -p NoPassWordSet

      • Windows: ThirdPartyCertificateTool.bat -T -i -r c:\hostname_Certificate.cer -D ..\configuration\signkeypair -p NoPassWordSet

  2. Configure Cognos Transformer and BI to use HTTPS.

    1. Configure Cognos Transformer :

      1. Set the JAVA_HOME variable: Navigate to the WAS_install_root/bin directory. For example: IBM AIX or Linux: /opt/IBM/WebSphere/AppServer/bin Microsoft™ Windows™: C:\IBM\WebSphere\AppServer\bin

      2. Run:

        1. AIX or Linux: setupCmdLine.sh

        2. Windows: setupCmdLine.bat

      3. (AIX or Linux) Set environment variables to point to the Cognos BI Server’s /bin directory by running the following command. By default, the Transformer’s environment variables point to its own directory, so change them to point to the BI Server’s directory:

        • AIX: export LIBPATH=/opt/IBM/CognosBI/bin64/

        • Linux: export LD_LIBRARY_PATH=/opt/IBM/CognosBI/bin64/

      4. Start the Cognos Transformer Configuration Tool: Navigate to the /bin directory of the Cognos BI server install directory. For example:

        • IBM AIX, Linux:/opt/IBM/CognosTF/bin/

        • Microsoft™ Windows™: C:\IBM\CognosTF\bin

      5. Start the Cognos Configuration tool ...

        • AIX, Linux: ./cogconfig.sh

        • Windows: cogconfigw.exe

      6. ExpandLocal Configuration > Environmentand edit the URLs for the following properties by replacing the http URLs with https URLs.

        • Gateway Settings

        • Other URI Settings

        Attention: The URLs must be updated to point to the HTTP server's host name and port number. The port number must be included even if it is the standard port 80.

      7. Save the changes.

      8. Exit the Cognos Configuration tool. We do not need to restart the Transformer component.

    2. Configure Cognos BI to use https :

      1. Start the Cognos Configuration Tool by navigating to the /bin64 directory of the Cognos BI server install directory. For example:

        • IBM AIX, Linux: /opt/IBM/CognosBI/bin64/

        • Windows: C:\IBM\CognosBI\bin64

      2. Start the Cognos Configuration tool ...

        1. AIX, Linux: ./cogconfig.sh

        2. Windows: cogconfigw.exe

      3. ExpandLocal Configuration > Environment to edit the URLs for the following properties by replacing http URLs with https URLs.

        Attention: The URLs must be updated to point to the HTTP server's host name and port number. The port number must be included even if it is the standard port 80.

        In the Gateway Settings section, change only the Dispatch URIs for gateway attribute.

        In the Other URI Settings section, change only the Dispatcher URI for external applications attribute.

      4. Save the changes.

      5. Exit the Cognos Configuration tool, making sure to select No at the following prompt:

          The service 'IBM Cognos' is not running on the local computer. Before we can use it the computer must start the service. Do to start this service before exiting?

      6. Restart the Cognos server.


Parent topic:
Configure Cognos Business Intelligence to use IBM HTTP Server

Previous topic: Configure Cognos Transformer to use HTTP