It's all about the answers!

Ask a question

How Do I configure RRDI to use HTTPS from the command line (without disabling HTTP on the report server)?


0
1
Matthieu Leroux (6571612) | asked Feb 07 '14, 5:22 a.m.
JAZZ DEVELOPER
How Do I configure RRDI to use HTTPS from the command line (without disabling HTTP on the report server)?

for some reasons you may not be able to export the graphics on a linux server and are not able to user user interface for cognos configuration and ikeyman as described in the infocenter

2 answers



permanent link
Matthieu Leroux (6571612) | answered Feb 07 '14, 5:23 a.m.
JAZZ DEVELOPER
edited Feb 07 '14, 5:24 a.m.
1- you first need to change the Gateway URI in Cognos configuration to use the new URL with the HTTPS protocol
you would normally do that by starting the program Cognos configuration and modify it in the Environment section.

NOTE: If you intend to disable HTTP, you would need to modify more URLS in the configuration as per:
http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m5/topic/com.ibm.rational.rrdi.admin.doc/topics/t_config_https.html

Through the command line you would use Cognos Configuration in silent mode, to first export the current configuration to an xml file, modify the URLs in the XML and then reimport the XML to update the file cogstartup.xml:

export the current configuration:
cd <RRDI install Dir>/cognos/bin64
./cogconfig.sh -e myconf.xml

make your changes in myconf.xml.

import the change back to the configuration:
./cogconfig.sh -s -startupfile  myconf.xml

2- update the file jazzns_config.xml to use the new URL
this file is located in the <RRDI install Dir>/cognos/configuration folder

Restart the Report Server.

3- In the CLM applications, update the URLs to point to the Report server using HTTPS
go to jts/admin
go to the report section
modify the custom report connection URL

in the Advanced properties, modify:
"Trusted URIs for client authorization and redirection" to use the new URL

Do the same for QM and CCM.

4- import the report server certificate to the JTS Java keystore.

access the report server through a web browser
NOTE: if you are using a reverse proxy to access the Report server, use the URL that contains the reverse proxy.

save the certificate to your local machine
move the certificate to the JTS server

you can use ikeyman as described here:
http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m5/topic/com.ibm.rational.rrdi.admin.doc/topics/t_int_ssl_reportsrv_jazz.html

or use keytool:
keytool -import -keystore "$CLIENT_KEYSTORE" -storepass "$CLIENT_PW"
\-alias "$SERVER_ALIAS" -file "$SERVER_CERTFILE" -noprompt

where
CLIENT_KEYSTORE=[JTSInstallDir]/server/jre/lib/security
CLIENT_PW=changeit
SERVER_ALIAS=reportServer
SERVER_CERTFILE=location of the saved certificate on the JTS server

NOTE: if you are running Tomcat as a service, ensure that you are importing in the right JRE.

Restart the JTS server.

permanent link
Jackie Albert (1.6k14644) | answered Feb 09 '14, 10:07 p.m.
edited Feb 09 '14, 10:11 p.m.
Will these same steps apply for Rational Insight?  I'm struggling to get the SSL enablement working for the CLM/Insight configuration.   Also, can you confirm these are the steps for Tomcat, or will they work for Websphere also?

Comments
Matthieu Leroux commented Feb 10 '14, 5:03 a.m.
JAZZ DEVELOPER

yes, theses steps 1 and 2 apply to both Insight and RRDI

step 4 is applicable for CLM running on Tomcat, for CLM running on WAS, refer to step 4d in http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m5/topic/com.ibm.rational.rrdi.admin.doc/topics/t_int_ssl_reportsrv_jazz.html

Your answer


Register or to post your answer.