Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

How Do I configure RRDI to use HTTPS from the command line (without disabling HTTP on the report server)?

How Do I configure RRDI to use HTTPS from the command line (without disabling HTTP on the report server)?

for some reasons you may not be able to export the graphics on a linux server and are not able to user user interface for cognos configuration and ikeyman as described in the infocenter

1

0 votes



2 answers

Permanent link
1- you first need to change the Gateway URI in Cognos configuration to use the new URL with the HTTPS protocol
you would normally do that by starting the program Cognos configuration and modify it in the Environment section.

NOTE: If you intend to disable HTTP, you would need to modify more URLS in the configuration as per:
http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m5/topic/com.ibm.rational.rrdi.admin.doc/topics/t_config_https.html

Through the command line you would use Cognos Configuration in silent mode, to first export the current configuration to an xml file, modify the URLs in the XML and then reimport the XML to update the file cogstartup.xml:

export the current configuration:
cd <RRDI install Dir>/cognos/bin64
./cogconfig.sh -e myconf.xml

make your changes in myconf.xml.

import the change back to the configuration:
./cogconfig.sh -s -startupfile  myconf.xml

2- update the file jazzns_config.xml to use the new URL
this file is located in the <RRDI install Dir>/cognos/configuration folder

Restart the Report Server.

3- In the CLM applications, update the URLs to point to the Report server using HTTPS
go to jts/admin
go to the report section
modify the custom report connection URL

in the Advanced properties, modify:
"Trusted URIs for client authorization and redirection" to use the new URL

Do the same for QM and CCM.

4- import the report server certificate to the JTS Java keystore.

access the report server through a web browser
NOTE: if you are using a reverse proxy to access the Report server, use the URL that contains the reverse proxy.

save the certificate to your local machine
move the certificate to the JTS server

you can use ikeyman as described here:
http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m5/topic/com.ibm.rational.rrdi.admin.doc/topics/t_int_ssl_reportsrv_jazz.html

or use keytool:
keytool -import -keystore "$CLIENT_KEYSTORE" -storepass "$CLIENT_PW"
\-alias "$SERVER_ALIAS" -file "$SERVER_CERTFILE" -noprompt

where
CLIENT_KEYSTORE=[JTSInstallDir]/server/jre/lib/security
CLIENT_PW=changeit
SERVER_ALIAS=reportServer
SERVER_CERTFILE=location of the saved certificate on the JTS server

NOTE: if you are running Tomcat as a service, ensure that you are importing in the right JRE.

Restart the JTS server.

4 votes


Permanent link
Will these same steps apply for Rational Insight?  I'm struggling to get the SSL enablement working for the CLM/Insight configuration.   Also, can you confirm these are the steps for Tomcat, or will they work for Websphere also?

0 votes

Comments

yes, theses steps 1 and 2 apply to both Insight and RRDI

step 4 is applicable for CLM running on Tomcat, for CLM running on WAS, refer to step 4d in http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m5/topic/com.ibm.rational.rrdi.admin.doc/topics/t_int_ssl_reportsrv_jazz.html

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 6,121
× 403

Question asked: Feb 07 '14, 5:22 a.m.

Question was seen: 7,562 times

Last updated: Feb 10 '14, 5:03 a.m.

Confirmation Cancel Confirm