If you are unable to create a new account, please email support@bspsoftware.com

 

Cognos 11.1.7 trying to renew certs getting PKI entry not found

Started by Penny, 21 Jul 2021 08:06:13 AM

Previous topic - Next topic

Penny

Hello everyone, we recently upgraded our test environment of Cognos Analytics from 11.1.3 to 11.1.7 FP3. That went well with an over the top installation.  I am now trying to regenerate the certificates and getting a PKI Entry not found.

IBM has produced new documentation for certificate managed in Cognos with this version at https://www.ibm.com/docs/en/cognos-analytics/11.1.0?topic=options-certificate-management-in-cognos-analytics.

One item of note is that instead of manually deleted files and folders related to certs, IBM has a shorter method that has you open Config and set the Use Third Party To CA to false and then save.  Everything went well until I tried to import the new certificate into the keystore.   Prior to that, importing the CA root went without issue.  When I search IBM for the PKI entry not found I find a single article https://www.ibm.com/support/pages/node/1087017 that indicates that the signature algorithm for the certificate must be SHA256WithRSA.  However, the new certificate is definitely the correct signature algorithm.  I did note that in this version the jre location has changed from install_location/jre to install_location/ibm-jre/jre.  I was sure to set my JAVA_HOME environment variable.

I have opened a case with IBM but they immediately sent me the 'old link' for the ssl, and when I responded with a question about the new documentation they responded that they need to compare articles!  

Any advice is greatly appreciated.
Thanks

Penny

RESOLVED:

i missed the step that said to delete the contents of the certs folder before generating the new cert.   I restored to snapshot and repeated with that step and it went very smoothly.