Installing SSL certificate with Insight
Hello all,
After following the instructions on this page:
http://publib.boulder.ibm.com/infocenter/c8bi/v8r4m0/topic/com.ibm.swg.im.cognos.inst_cr_winux.8.4.0.doc/inst_cr_winux_id18006ConfigureSSLforCognos8.html#ConfigureSSLforCognos8
I got dispatch error and "DPR-CMI-4006 Unable to determine the active Content Manager. " in my cogserver.log. Does anyone know what the issue is?
Also are there any other documentation on how to implement SSL certificate with Insight? Can anyone share any lessons-learned, papers, etc?
Thank you!
Nataliya
After following the instructions on this page:
http://publib.boulder.ibm.com/infocenter/c8bi/v8r4m0/topic/com.ibm.swg.im.cognos.inst_cr_winux.8.4.0.doc/inst_cr_winux_id18006ConfigureSSLforCognos8.html#ConfigureSSLforCognos8
I got dispatch error and "DPR-CMI-4006 Unable to determine the active Content Manager. " in my cogserver.log. Does anyone know what the issue is?
Also are there any other documentation on how to implement SSL certificate with Insight? Can anyone share any lessons-learned, papers, etc?
Thank you!
Nataliya
3 answers
Hello all,
After following the instructions on this page:
http://publib.boulder.ibm.com/infocenter/c8bi/v8r4m0/topic/com.ibm.swg.im.cognos.inst_cr_winux.8.4.0.doc/inst_cr_winux_id18006ConfigureSSLforCognos8.html#ConfigureSSLforCognos8
I got dispatch error and "DPR-CMI-4006 Unable to determine the active Content Manager. " in my cogserver.log. Does anyone know what the issue is?
Also are there any other documentation on how to implement SSL certificate with Insight? Can anyone share any lessons-learned, papers, etc?
Thank you!
Nataliya
Nataliya, was the content store database created properly? Do you have the log files for the content store creation?
Hello Petroula,
Content Store was created properly and wasn't an issue in this case. I worked with Cognos support on this. Here is the answer:
The root cause of the problems you are seeing are due to the mismatch in cipher lengths between WAS and Cognos. WAS is using >128 and Cognos must have =<56 bit.
http://publib.boulder.ibm.com/infocenter/c8bi/v8r4m0/index.jsp?topic=/com.ibm.swg.im.cognos.inst_cr_winux.8.4.1.doc/inst_cr_winux_id16622cnfg_crypto.html
Options:
1. revert your dispatcher references to HTTP and leave gateway ssl on the gateway reference. This will allow for HTTP traffic on intra-component communication only. End users accessing Cognos Connection will still be using SSL / HTTPs for browser to WAS traffic.
2. Enable weak level cyphers in WAS. This should allow you to match WAS to Cognos (56 or lower).
3. Contact the clients sales rep and inquire about the Cognos enhanced Encryption module, this will allow for Cognos to recognize ciphers > 56bit. Special licensing may be required.
We went with option 1 for now. :)
Thank you,
Nataliya
Content Store was created properly and wasn't an issue in this case. I worked with Cognos support on this. Here is the answer:
The root cause of the problems you are seeing are due to the mismatch in cipher lengths between WAS and Cognos. WAS is using >128 and Cognos must have =<56 bit.
http://publib.boulder.ibm.com/infocenter/c8bi/v8r4m0/index.jsp?topic=/com.ibm.swg.im.cognos.inst_cr_winux.8.4.1.doc/inst_cr_winux_id16622cnfg_crypto.html
Options:
1. revert your dispatcher references to HTTP and leave gateway ssl on the gateway reference. This will allow for HTTP traffic on intra-component communication only. End users accessing Cognos Connection will still be using SSL / HTTPs for browser to WAS traffic.
2. Enable weak level cyphers in WAS. This should allow you to match WAS to Cognos (56 or lower).
3. Contact the clients sales rep and inquire about the Cognos enhanced Encryption module, this will allow for Cognos to recognize ciphers > 56bit. Special licensing may be required.
We went with option 1 for now. :)
Thank you,
Nataliya