Cognos Analytics

 View Only
  • 1.  How to connect to a DB2 database with SSL connection in CA

    Posted Fri August 23, 2019 07:56 AM
    Hey everyone,
    I'm testing CA with version 11.1.3 in Windows server 2008 R2. I'm able to connect to db2 database without ssl connection method but I meet error when to connect to a db2 database with SSL connection method with Certificate chaining error: java.security.cert.CertPathValidatorException: Certificate chaining error。 ERRORCODE=-4499, SQLSTATE=08001java.security.cert.CertPathValidatorException: Certificate chaining error。 ERRORCODE=-4499, SQLSTATE=08001com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:  java.security.cert.CertPathValidatorException: The certificate issued by CN=XXXXXXXXXX Root CA, O=XXXXXXXXXXXXX Corporation, C=US is not trusted.
    JDBC URL : jdbc:db2://xxxx.xxxx.xxxx:xxxxx/XXXX:sslConnection=true;
    Driver class names: com.ibm.db2.jcc.DB2Driver
    What I refer document is https://www.ibm.com/support/knowledgecenter/SSEP7J_11.0.0/com.ibm.swg.ba.cognos.inst_cr_winux.doc/t_importcacertificates.html?view=embed

    Is it correct document?
    how to config CA to connect to a db2 database via SSL connection?
    Thanks in advance!!!!
    #CognosAnalyticswithWatson


  • 2.  RE: How to connect to a DB2 database with SSL connection in CA

    Posted Mon August 26, 2019 10:32 AM
    That document is specific to Content Store connections.

    I think for your scenario you would need to import the certificate(s) into the jre/lib/security/cacerts keystore.

    ------------------------------
    TREVOR COMEAU
    ------------------------------



  • 3.  RE: How to connect to a DB2 database with SSL connection in CA

    Posted Tue August 27, 2019 03:45 AM
    Hey Trevor Comeau,
    Thanks for your help! May I ask is there any related document how to import the certificate(s) into the jre/lib/security/cacerts keystore?


    ------------------------------
    Vincent
    ------------------------------



  • 4.  RE: How to connect to a DB2 database with SSL connection in CA
    Best Answer

    Posted Tue August 27, 2019 09:53 AM
    Hi Vincent,

    You can use one of the two scripts that reside in the /bin directory to import the certificate(s).

    DLS_SSL_CertImportTool.bat - Import into the /jre/lib/security/cacerts
    DLS_SSL_CertImportTool.bat <path>\certificate.crt

    ThirdPartyCertificateTool.bat - Import into the /configuration/certs/CAMKeystore
    ThirdPartyCertificateTool.bat -T -i -r <path>\certificate.crt -p NoPassWordSet

    If you search on these scripts you should be able to find more information. If you are unsure which keystore to import to you  can import to both.

    You can launch the /jre/bin/ikeyman.exe to see which certificates are imported
    CAMKeystore -> PKCS12 Public Key Crypto Standard (PW: NoPassWordSet)
    cacerts -> JKS/Java Key Store (PW: changeit)

    Cheers,
    Trevor

    ------------------------------
    TREVOR COMEAU
    ------------------------------



  • 5.  RE: How to connect to a DB2 database with SSL connection in CA

    Posted Wed August 28, 2019 06:13 AM
    Thank you TREVOR COMEAU!!!
    I can setup SSL connection to database via your solution.
    You make my day!!!

    ------------------------------
    Vincent
    ------------------------------



  • 6.  RE: How to connect to a DB2 database with SSL connection in CA

    Posted Tue August 27, 2019 10:17 AM
    If you are only using SSL to query a data source, placing the cert into <cognos>\jre\security\certs directory should work
    Shoud you plan to configure Cognos Analytics to use SSL internally and connections run into issues.
    The certificates need to be added to <cognos>\configuration\certs

    ------------------------------
    NIGEL CAMPBELL
    ------------------------------



  • 7.  RE: How to connect to a DB2 database with SSL connection in CA

    Posted Tue August 27, 2019 10:17 AM

    If you are only using SSL to query a data source, placing the cert into <cognos>\jre\security\certs directory should work


    Should you plan to configure Cognos Analytics to use SSL internally and connections run into issues.


    The certificates need to be added to <cognos>\configuration\certs



    ------------------------------
    NIGEL CAMPBELL
    ------------------------------