If you are unable to create a new account, please email support@bspsoftware.com

 

News:

MetaManager - Administrative Tools for IBM Cognos
Pricing starting at $2,100
Download Now    Learn More

Main Menu

Cognos 11.1.3 SSL Issues

Started by jcw3631, 25 Nov 2019 11:05:54 AM

Previous topic - Next topic

jcw3631

Hello,  I am trying to setup a single server with cognos 11.1.3 and when I test my connection to our Logging DB and Content Store I get the attached errors.  I can connect to them if I set SSL Encryption Enabled to False.  However, our DBA has ssl encryption set on our SQL server to true.  So I need it to be set to True in Cognos Configuration.  IBM said I need to run thirdpartycertficatetool.bat for root, intermediate, and server and then combine them into a chain.  First step in there instructions is to create a request.csr which i believe will be the server cert.  I am just not sure what to do with that file to make it a server cert.  When I change the .csr to .cer it doesnt work with my root and intermediate.  I work for the DOD and our certs are coming from DOD.  So i actually have all 3 certs.  I have included screenshot of what error i am getting.  If i could get some help to resolve this issue.  I would forever be grateful!!  Thanks!!  :)

dougp

request.csr is the certificate request.  Send that to your CA to get it signed.  You'll use the file from the CA's response on your server.

I'm using 11.0.13.  SSL seems to change with every point release (including IBM breaking things or providing incorrect documentation).  For more details about how to proceed, you should get more information from IBM Support.

jcw3631

Who do you use for your CA?  I am just curious.  I work for Air Force so they send us our certificates.  I am not sure they will do anything with that request.csr because its not a DOD cert.  If that makes sense.  I appreciate you replying and hoping someone can help me shed some light on this. 

dougp

We self-sign.  The .csr file is a request.  It is not the cert.  You'll need the cert "signed" by your CA.  There's a process.