Cognos Analytics

 View Only
  • 1.  3rd Party SSL with pre-existing Wildcard Certificate

    Posted Fri August 02, 2024 05:22 PM

    Good morning everyone, I'm trying to use our existing wildcard CA certificate to replace the Cognos self-signed certificate to handle HTTPS request without Cognos generating CSR. not successful so far, just came across  this post and looks like it may hold the key to my problem:

    3rd Party SSL with pre-existing Wildcard Certificate | Cognos Analytics (ibm.com)

    I have come to the point that I could import the 3rd party CA and private key to CAMKeystore.jks, but the problem is that Cognos continually overwrites that certificate after restarting and restored it back to the old self signed certificate. 

    Have anyone met this problem and how to fix it?

    Thank you for your help!

    Kevin Sun



    ------------------------------
    kevin sun
    ------------------------------



  • 2.  RE: 3rd Party SSL with pre-existing Wildcard Certificate

    Posted Mon August 05, 2024 04:14 PM

    Hello,

    Try setting in AdvancedProperties, StandaloneCertificateAuthority=true. Also check "Use third party CA?" option in Crypto/Cognos.

    Hope this helps.

    Pawel



    ------------------------------
    Pawel Romanek
    ------------------------------



  • 3.  RE: 3rd Party SSL with pre-existing Wildcard Certificate

    Posted Thu August 08, 2024 02:31 PM

    Categorization: Unclassified

    Hi Pawel, thank you for your help, sorry I didn't have a chance to test it again until now.

    I set AdvancedProperties, StandaloneCertificateAuthority=true and Use third party CA=True in Crypto/Cognos, but when restarted, it still went back to the old self signed certificate and the CAMKeystore.jks was overwritten.

     

    Thank you!

     

    Kevin Sun

     

     






  • 4.  RE: 3rd Party SSL with pre-existing Wildcard Certificate

    Posted Fri August 09, 2024 01:30 AM

    Hello,

    Can you chaeck that you do this in the following order?

    1. Set options
    2. Set correct values cn, org in cogos config
    3. stop cognos
    4. Use ikeyman to import cert and ca into CAMKeystore.jks
    5. start cognos

    Best Regards

    Pawel



    ------------------------------
    Pawel Romanek
    ------------------------------



  • 5.  RE: 3rd Party SSL with pre-existing Wildcard Certificate

    Posted Fri August 09, 2024 01:32 AM

    I forgot to add, import key with "encryption" alias into CAM.



    ------------------------------
    Pawel Romanek
    ------------------------------