SSL HTTPS IMPLEMENTATION

Started by nairra, 27 Aug 2018 06:21:07 AM

nairra

Hi All,

  I have joined a new company and they already have a setup of both Cognos BI and TM1 10.2.2 (distributed). I have been assigned a task to implement SSL with IBM HTTP Server 8.5.
(Separate CM, App, Web & gateway server)

I have gone through a lot of documents but need assistance.

- Certificates have to be procured from a CA. Will the CA provide all the certificates, i.e. the root and intermediary? Please mention if any other.
- Can the CN used be like mycompany.com, or does it specifically require myserver.mycompany.com?
- Do we have to raise a certificate request to be sent to the CA, which is signed by them? If yes, from which server: web, CM, app...
- Can SSL be implemented only for the web server and not the Cognos components BI/TM1? I.e. applying the certificates to the HTTP server only and modifying the URI in Cognos... or do the certificates have to be applied for the Cognos components also?

Can anyone assist with the procedure to take me through this?

Thanks In Anticipation...


bdbits

Your CA should provide you with the intermediary cert. It is often downloadable at the CA's web site.

Whether you need the server name as part of the FQDN depends on the type of certificate you purchase. "Wildcard" certificates use *.mycompany.com and can be installed on any server within mycompany.com, but are more expensive.

Yes, you need to issue the CSR to the CA. This is typically done from the server on which you will be installing the certificate. I do not know IBM's server, but in Microsoft IIS you can generate it directly from the IIS management software.

I do not know TM1 so sadly cannot help you there. I would consult the admin guide there.
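An added example, not part of the original posts: a small check of which hosts a planned certificate name would cover, illustrating the single-name versus wildcard point in the reply above. The tier hostnames (cm, app, web under mycompany.com) and the function names are assumptions made for illustration.

```python
# Added example: hostnames and certificate names below are constructed.

def _labels(name):
    """Lower-case a DNS name and split it into labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def name_matches(cert_name, host):
    """True if one certificate name (CN or SAN dNSName) covers host."""
    pattern, target = _labels(cert_name), _labels(host)
    if len(pattern) != len(target):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if pattern[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com")
        # and compare everything to the right of the leftmost label.
        return len(pattern) >= 3 and pattern[1:] == target[1:]
    if "*" in cert_name:
        # Partial or non-leftmost wildcards ("web*.x", "a.*.x") are rejected
        # here, as current browsers do.
        return False
    return pattern == target

def uncovered_hosts(cert_names, hosts):
    """Return the hosts that none of the certificate names cover."""
    return [h for h in hosts if not any(name_matches(n, h) for n in cert_names)]

# Constructed hostnames for a distributed install (CM, App, Web/gateway).
TIER_HOSTS = ["cm.mycompany.com", "app.mycompany.com", "web.mycompany.com"]

if __name__ == "__main__":
    for names in (["mycompany.com"], ["*.mycompany.com"], ["web.mycompany.com"]):
        print(names, "leaves uncovered:", uncovered_hosts(names, TIER_HOSTS))
```

Current browsers match against the certificate's subjectAltName dNSName entries rather than the CN, so the names checked here should be the ones requested as SANs in the CSR.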

nairra

I raised an SR with IBM for the same. Though I have not yet implemented it, this is how the approach would be:

SSL Implementation Approach:
- Using IKEYMAN, create a key.db, then raise a CSR from the web server and send it to the CA (i.e. our corporate security team in our case) for signing.
- Receive the signed certificate from the CA.
- Open the key.db and import the CA certificate into the store.
- Make the necessary changes for SSL enabling in the HTTP.CONF file.
- Start the web server using the command: apachectl start
- Check if it is accessible, check the logs for errors, and stop the service.


In Cognos CM/App server:
- Open Cognos Configuration and change the Gateway URI from HTTP to HTTPS (do not start the service yet).
- Go to the c10_location/bin directory and import all the certificates that make up the chain of trust:
ThirdPartyCertificateTool.sh -T -i -r certificate_fileName -D ../configuration/signkeypair -p password
- On each Application Tier Components computer, in IBM Cognos Configuration, start the IBM Cognos service, i.e. on CM, APP, web.

Regards,