Planning Analytics

  • 1.  IBM PAW SSL Certificate generation

    Posted Fri June 28, 2024 09:05 AM

    Hi Team
    Good day

    Problem
    I have got the signed certificate from the Certificate Authority, but I need to generate the private key, primary, intermediate, and root certificates from the pkcs12, Security cert. rsp cert file shared by the client.
    So I can create a .pem file

    Suggestions/Answers you seek
    Please provide some steps to generate the certs via OpenSSL, or links with proper steps; I was unable to find any proper solution on Google.

    Regards
    Prabhjot Singh



    ------------------------------
    Prabhjot Singh phull
    ------------------------------


  • 2.  RE: IBM PAW SSL Certificate generation

    Posted Sun June 30, 2024 09:06 PM

    Hi Prabhjot, are you trying to add the TM1 server SSL in PAW, or are you trying to set up SSL for the PAW URL? The procedure is different for TM1 and PAW.

    You create the private key when generating a certificate request file (CSR).

    Your Certificate Authority should send you a bundle containing all necessary certificate files (primary, intermediate, and root certificates).



    ------------------------------
    Vlad Didenko
    Founder at Succeedium
    TeamOne Google Sheets add-on for IBM Planning Analytics / TM1
    https://succeedium.com/teamone/
    Succeedium Planning Analytics Cloud Extension
    https://succeedium.com/space/
    ------------------------------



  • 3.  RE: IBM PAW SSL Certificate generation

    Posted Mon July 01, 2024 03:38 AM

    Hi Vlad 

    I am trying the SSL for PAW URL.

    I have got the pkcs12 file from the client Certificate Authority but need to extract it. For the extraction, I was unable to find any exact steps to extract the private key, primary, intermediate, and root certificates from pkcs12.

    Regards
    Prabhjot Singh



    ------------------------------
    Prabhjot Singh phull
    ------------------------------



  • 4.  RE: IBM PAW SSL Certificate generation

    Posted Mon July 01, 2024 02:35 PM

    Hi Prabhjot, I prefer using OpenSSL, which is installed with Git, to generate the CSR file.

    openssl req -new -newkey rsa:2048 -nodes -out paw.csr -keyout paw.key -subj "/C=CA/ST=Ontario/L=Toronto/O=Succeedium/OU=IT/CN=paw.succeedium.com"

    This process will produce the private key (paw.key) and certificate request (paw.csr) files. After generating the CSR, you will need to send the CSR file to your Certificate Authority. They will then provide you with the certificate files including the primary, intermediate, and root certificates.

    Then you will need to combine the private key and all certificates into a single pem file (using any text editor) in the following order:

    Name that file as pa-workspace.pem and place it in paw_install_folder/config/

    Make sure SSL is enabled in paw_install_folder/config/paw.env file:

    export EnableSSL=true

    Finally you will need to update the certificates and restart PAW:

    /paw_install_folder/scripts/process_certs.sh

    /paw_install_folder/scripts/paw.sh stop

    /paw_install_folder/scripts/paw.sh start

    HTH



    ------------------------------
    Vlad Didenko
    Founder at Succeedium
    TeamOne Google Sheets add-on for IBM Planning Analytics / TM1
    https://succeedium.com/teamone/
    Succeedium Planning Analytics Cloud Extension
    https://succeedium.com/space/
    ------------------------------



  • 5.  RE: IBM PAW SSL Certificate generation

    Posted Mon July 01, 2024 02:18 AM

    Hi Prabhjot

    If you can view your certificate you can export the root, intermediate and server certificates one at a time by selecting them to open from the path tab and then clicking on the details tab and exporting to file - select to not include the key file to have access to the text file export options and select the second option. You can then obtain your unencrypted private key file by using openssl. You need to know the password for the certificate file in order to access this. The 2 steps are to extract the key file and then decrypt it. Steps are available by searching openssl.



    ------------------------------
    Paul Coggan
    ------------------------------
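
    The extraction with openssl mentioned in the reply above, as an added example that is not part of any post in this thread. The output file names, the P12_PASS variable and the throwaway demo bundle are assumptions made for illustration; it splits a PKCS#12 file into the private key, the server certificate and the remaining CA certificates, then checks that the key matches the certificate.

```shell
#!/usr/bin/env bash
set -eu

# extract_p12 <bundle.p12> <outdir>. The bundle password is read from the
# P12_PASS environment variable so it never appears on a command line.
extract_p12() {
  local p12=$1 out=$2
  mkdir -p "$out"
  # Private key, written unencrypted, so restrict it to the owner.
  ( umask 077
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes -out "$out/server.key" )
  # Certificate that belongs to the key (the primary / server certificate).
  openssl pkcs12 -in "$p12" -passin env:P12_PASS -clcerts -nokeys -out "$out/server.crt"
  # Every other certificate in the bundle (intermediate and root, if present).
  openssl pkcs12 -in "$p12" -passin env:P12_PASS -cacerts -nokeys -out "$out/chain.crt"
}

# Succeeds only when the key and the certificate hold the same public key.
key_matches_cert() {
  local k c
  k=$(openssl pkey -in "$1" -pubout) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey) || return 1
  [ "$k" = "$c" ]
}

count_certs() { grep -c 'BEGIN CERTIFICATE' "$1" || true; }  # certs in a PEM file

# Constructed sample input: a throwaway CA and server certificate in one bundle.
make_demo_p12() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=paw.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$d/leaf.key" -in "$d/leaf.crt" \
    -certfile "$d/ca.crt" -passout env:P12_PASS -out "$d/bundle.p12"
}

demo() {
  local d; d=$(mktemp -d)
  export P12_PASS='constructed-demo-password'
  make_demo_p12 "$d"
  extract_p12 "$d/bundle.p12" "$d/out"
  key_matches_cert "$d/out/server.key" "$d/out/server.crt" && echo "key matches server.crt"
  echo "chain.crt holds $(count_certs "$d/out/chain.crt") certificate(s)"
  rm -rf "$d"
}
demo
```

    On OpenSSL 3.x, a bundle protected with older algorithms such as RC2-40 may also need the `-legacy` option on the `pkcs12` commands.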



  • 6.  RE: IBM PAW SSL Certificate generation

    Posted Mon July 01, 2024 04:47 AM

    Hi Paul

    Thank you for your guidance. I was able to find the articles below but haven't tried them. I am not sure of the sequence of the steps or which article to refer to for extracting the private key, primary, intermediate, and root certificates from pkcs12.

    Article 1 - https://cogknowhow.tm1.dk/archives/2066

    Article 2 - https://www.ibm.com/support/pages/how-configure-ibm-planning-analytics-workspace-custom-ssl-using-existing-keystore

    Regards
    Prabhjot Singh



    ------------------------------
    Prabhjot Singh phull
    ------------------------------



  • 7.  RE: IBM PAW SSL Certificate generation

    Posted Mon July 08, 2024 10:30 AM

    Hi Prabhjot,

     

    Quick update on our SSL setup:

    We've switched things up a bit - moved away from app-level SSL for our TM1 Web setup to VM-level security. We're now using the Load Balancer to handle this.

    Tushar from IBM helped us set it up in our TM1 environment. We only installed the root and intermediate certs since they last ages.

     

    Regards,

    Durand de Zylva