How Do I configure RRDI to use HTTPS from the command line (without disabling HTTP on the report server)?
How Do I configure RRDI to use HTTPS from the command line (without disabling HTTP on the report server)?
for some reasons you may not be able to export the graphics on a linux server and are not able to user user interface for cognos configuration and ikeyman as described in the infocenter
for some reasons you may not be able to export the graphics on a linux server and are not able to user user interface for cognos configuration and ikeyman as described in the infocenter
2 answers
1- you first need to change the Gateway URI in Cognos configuration to use the new URL with the HTTPS protocol
you would normally do that by starting the program Cognos configuration and modify it in the Environment section.
NOTE: If you intend to disable HTTP, you would need to modify more URLS in the configuration as per:
http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m5/topic/com.ibm.rational.rrdi.admin.doc/topics/t_config_https.html
Through the command line you would use Cognos Configuration in silent mode, to first export the current configuration to an xml file, modify the URLs in the XML and then reimport the XML to update the file cogstartup.xml:
export the current configuration:
cd <RRDI install Dir>/cognos/bin64
./cogconfig.sh -e myconf.xml
make your changes in myconf.xml.
import the change back to the configuration:
./cogconfig.sh -s -startupfile myconf.xml
2- update the file jazzns_config.xml to use the new URL
this file is located in the <RRDI install Dir>/cognos/configuration folder
Restart the Report Server.
3- In the CLM applications, update the URLs to point to the Report server using HTTPS
go to jts/admin
go to the report section
modify the custom report connection URL
in the Advanced properties, modify:
"Trusted URIs for client authorization and redirection" to use the new URL
Do the same for QM and CCM.
4- import the report server certificate to the JTS Java keystore.
access the report server through a web browser
NOTE: if you are using a reverse proxy to access the Report server, use the URL that contains the reverse proxy.
save the certificate to your local machine
move the certificate to the JTS server
you can use ikeyman as described here:
http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m5/topic/com.ibm.rational.rrdi.admin.doc/topics/t_int_ssl_reportsrv_jazz.html
or use keytool:
keytool -import -keystore "$CLIENT_KEYSTORE" -storepass "$CLIENT_PW"
\-alias "$SERVER_ALIAS" -file "$SERVER_CERTFILE" -noprompt
where
CLIENT_KEYSTORE=[JTSInstallDir]/server/jre/lib/security
CLIENT_PW=changeit
SERVER_ALIAS=reportServer
SERVER_CERTFILE=location of the saved certificate on the JTS server
NOTE: if you are running Tomcat as a service, ensure that you are importing in the right JRE.
Restart the JTS server.
you would normally do that by starting the program Cognos configuration and modify it in the Environment section.
NOTE: If you intend to disable HTTP, you would need to modify more URLS in the configuration as per:
http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m5/topic/com.ibm.rational.rrdi.admin.doc/topics/t_config_https.html
Through the command line you would use Cognos Configuration in silent mode, to first export the current configuration to an xml file, modify the URLs in the XML and then reimport the XML to update the file cogstartup.xml:
export the current configuration:
cd <RRDI install Dir>/cognos/bin64
./cogconfig.sh -e myconf.xml
make your changes in myconf.xml.
import the change back to the configuration:
./cogconfig.sh -s -startupfile myconf.xml
2- update the file jazzns_config.xml to use the new URL
this file is located in the <RRDI install Dir>/cognos/configuration folder
Restart the Report Server.
3- In the CLM applications, update the URLs to point to the Report server using HTTPS
go to jts/admin
go to the report section
modify the custom report connection URL
in the Advanced properties, modify:
"Trusted URIs for client authorization and redirection" to use the new URL
Do the same for QM and CCM.
4- import the report server certificate to the JTS Java keystore.
access the report server through a web browser
NOTE: if you are using a reverse proxy to access the Report server, use the URL that contains the reverse proxy.
save the certificate to your local machine
move the certificate to the JTS server
you can use ikeyman as described here:
http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m5/topic/com.ibm.rational.rrdi.admin.doc/topics/t_int_ssl_reportsrv_jazz.html
or use keytool:
keytool -import -keystore "$CLIENT_KEYSTORE" -storepass "$CLIENT_PW"
\-alias "$SERVER_ALIAS" -file "$SERVER_CERTFILE" -noprompt
where
CLIENT_KEYSTORE=[JTSInstallDir]/server/jre/lib/security
CLIENT_PW=changeit
SERVER_ALIAS=reportServer
SERVER_CERTFILE=location of the saved certificate on the JTS server
NOTE: if you are running Tomcat as a service, ensure that you are importing in the right JRE.
Restart the JTS server.
Will these same steps apply for Rational Insight? I'm struggling to get the SSL enablement working for the CLM/Insight configuration. Also, can you confirm these are the steps for Tomcat, or will they work for Websphere also?
Comments
yes, theses steps 1 and 2 apply to both Insight and RRDI
step 4 is applicable for CLM running on Tomcat, for CLM running on WAS, refer to step 4d in http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m5/topic/com.ibm.rational.rrdi.admin.doc/topics/t_int_ssl_reportsrv_jazz.html