Optionally, you can enable secure sockets layer (SSL) to encrypt a user’s communication with the Web server. To enable SSL on your Web server, you must obtain a Web server certificate signed by a Certificate Authority and install it into your Web server.
To enable ACI components to use an SSL-enabled Web server, you must have copies of the trusted root certificate (the certificate of the root Certificate Authority which signed the Web server certificate) and all other certificates that make up the chain of trust for the Web server’s certificate. These certificates must be in Base64 encoded in ASCII (PEM) or DER format. The certificate must not be self-signed, because self-signed certificates will not be trusted by Cognos components. The certificates must be installed on every computer where you have installed applications that communicate between your database and the Web server (referred to in the steps that follow as Application Tier Components; see your Web server documentation and the Cognos 8 Business Intelligence Architecture and Planning Guide).
Configure the Web server for SSL and start the Web server. See your Web server documentation.
On each Application Tier Components computer that points to the gateway on the Web server, in Cognos Configuration, change the gateway URI from HTTP to HTTPS, and save the configuration.
Important: Do not start the service yet.
On each Application Tier Components computer, go to the
<ATG9dir>/ACI9.3/c8/bindirectory and import all of the certificates that make up the chain of trust, in order starting with the root CA certificate, into the Cognos trust store.Import the certificates by typing the specified command.
On UNIX or LINUX:
ThirdPartyCertificateTool.sh -T -i -r certificate_fileName -D
../configuration/signkeypair/jCAKeystore -p passwordOn Windows:
ThirdPartyCertificateTool.bat -T -i -r certificate_fileName -D
../configuration/signkeypair/jCAKeystore -p passwordNote: The password should have already been set. If not, the default password is NoPassWordSet.
On each Application Tier Components computer, in Cognos Configuration, start the Cognos 8 service.
Notes:
You can verify trust by creating and running a PDF report that contains pictures that are not stored locally but that the gateway gets from a remote computer. If the pictures appear, trust is established.
To avoid being prompted by a security alert for each new session, install the certificate into one of your Web browser’s certificate stores.
In addition, you may want to set up SSL connections between Cognos components and other servers. You must ensure that SSL is set up for the other servers and then you must set up a shared trust between Cognos components and the other servers.
