Cognos ReportNetTM Installation and Configuration Guide
Cognos ReportNetTM Installation and Configuration Guide Cognos ReportNetTM Installation and Configuration Guide
Chapter 7: Advanced Configuration Options Command Information flags Description -d DN to use for certificate -r CSR or certificate file location (depends on mode) -t certificate authority certificate file (only with -i) -p Key Store password (must be provided) -a Key pair algorithm. RSA or DSA. Default: RSA The following sample values are used: Property Signing certificate DN Value CN=SignCert,O=MyCompany,C=CA Encryption certificate DN CN=EncryptCert,O=MyCompany,C= CA Key store password password Steps 1. Go to the crn_location/bin directory. 2. Create the signing certificate request by typing the following command: • On UNIX, type: ThirdPartyCertificateTool.sh -c -s -d "CN=SignCert,O=MyCompany,C=CA" -r signRequest.csr -k ../configuration/signkeypair/jSignKeystore -p password • On Windows, type: ThirdPartyCertificateTool.bat c -s -d "CN=SignCert,O=MyCompany,C=CA" -r signRequest.csr -k ../configuration/signkeypair/jSignKeystore -p password Important: You must type jSignKeystore as the name of the signing key store. Tip: UNIX filenames are case-sensitive and must be entered exactly as shown. 3. Create the encryption certificate request by typing the following command: • On UNIX, type: ThirdPartyCertificateTool.sh -c -e -d "CN=EncryptCert,O=MyCompany,C=CA" -r encryptRequest.csr -k ../configuration/encryptkeypair/jEncKeystore -p password • On Windows, type: ThirdPartyCertificateTool.bat -c -e -d "CN=EncryptCert,O=MyCompany,C=CA" -r encryptRequest.csr -k ../configuration/encryptkeypair/jEncKeystore -p password Important: You must type jEncKeystore as the name of the encryption key store. 4. Input the certificate signing request (CSR) files into the third party certificate authority. For more information, see your third-party CA documentation. The certificate authority produces a signing certificate and an encryption certificate. 5. Copy the contents of the CA certificate into ca.cer 6. Copy the contents of the signing certificate into signCertificate.cer. 7. Copy the contents of the encryption certificate into encryptCertificate.cer 8. Copy ca.cer, signCertificate.cer, and encryptCertificate.cer to crn_location\bin. These files must be Base-64 encoded X.509 format. 88 Cognos ReportNet TM
Chapter 7: Advanced Configuration Options 9. Import the signing certificate by typing the following command: • On UNIX, type: ThirdPartyCertificateTool.sh -i -s -r signCertificate.cer -k ../configuration/signkeypair/jSignKeystore -p password -t ca.cer • On Windows, type: ThirdPartyCertificateTool.bat-i -s -r signCertificate.cer -k ../configuration/signkeypair/jSignKeystore -p password -t ca.cer Important: You must type jSignKeystore as the name of the signing key store. 10. Import the encryption certificate by typing the following command: • On UNIX, type: ThirdPartyCertificateTool.sh -i -e -r encryptCertificate.cer -k ../configuration/encryptkeypair/jEncKeystore -p password -t ca.cer • On Windows, type: ThirdPartyCertificateTool.bat -i -e -r encryptCertificate.cer -k ../configuration/encryptkeypair/jEncKeystore -p password -t ca.cer Important: You must type jEncKeystore as the name of the encryption key store. 11. Import the CA certificate by typing the following command: • On UNIX, type: ThirdPartyCertificateTool.sh -T -i -r ca.cer -k ../configuration/signkeypair/jCAKeystore -p password • On Windows, type: ThirdPartyCertificateTool.bat -T -i -r ca.cer -k ../configuration/signkeypair/jCAKeystore -p password Important: You must type jCAKeystore as the name of the certificate authority key store. Now, you must use your third-party certificate authority configuration tool to add the ReportNet keys and certificate signing requests to your certificate authority. For more information, see your third-party certificate authority documentation. Configure ReportNet to use a Third-Party Certificate Authority You must configure each ReportNet computer to use an external certificate authority by setting the appropriate property in Cognos Configuration. By setting this property, ReportNet assumes that all required keys have been generated and vetted by the external certificate authority. Ensure that the key store locations and password in Cognos Configuration match the ones you typed in the command-line tool. Steps 1. Start Cognos Configuration 2. In the Explorer window, under Security, Cryptography, click Cognos. 3. In the Properties window, under Certificate Authority settings property group, click the Value box next to the Use third party CA property and then click True. Note: When you set this property to true, all properties for the certificate authority and identity name are ignored 4. Configure the following properties to match the ones you typed in the command line utility: • Signing key store location • Signing key store password • Encryption key store location • Encryption key store password • Certificate Authority key store password 5. From the File menu, click Save. 6. If you want to start the ReportNet service, from the Actions menu, click Start. Installation and Configuration Guide 89
- Page 37 and 38: Chapter 4: Configuring ReportNet 3.
- Page 39 and 40: Chapter 4: Configuring ReportNet Co
- Page 41 and 42: Chapter 4: Configuring ReportNet Wh
- Page 43 and 44: Chapter 4: Configuring ReportNet Th
- Page 45 and 46: Chapter 4: Configuring ReportNet St
- Page 47 and 48: Chapter 4: Configuring ReportNet 3.
- Page 49 and 50: Chapter 4: Configuring ReportNet 4.
- Page 51 and 52: Chapter 4: Configuring ReportNet St
- Page 53 and 54: Chapter 4: Configuring ReportNet 6.
- Page 55 and 56: Chapter 4: Configuring ReportNet Ad
- Page 57 and 58: Chapter 4: Configuring ReportNet Ex
- Page 59 and 60: Chapter 4: Configuring ReportNet Sp
- Page 61 and 62: Chapter 4: Configuring ReportNet 3.
- Page 63 and 64: Chapter 5: Installing Framework Man
- Page 65 and 66: Chapter 5: Installing Framework Man
- Page 67 and 68: Chapter 6: Configuring Framework Ma
- Page 69 and 70: Chapter 6: Configuring Framework Ma
- Page 71 and 72: Chapter 6: Configuring Framework Ma
- Page 73 and 74: Chapter 6: Configuring Framework Ma
- Page 75 and 76: Chapter 6: Configuring Framework Ma
- Page 77 and 78: Chapter 7: Advanced Configuration O
- Page 79 and 80: Chapter 7: Advanced Configuration O
- Page 81 and 82: Chapter 7: Advanced Configuration O
- Page 83 and 84: Chapter 7: Advanced Configuration O
- Page 85 and 86: Chapter 7: Advanced Configuration O
- Page 87: Chapter 7: Advanced Configuration O
- Page 91 and 92: Chapter 8: Setting Up the Samples Y
- Page 93 and 94: Chapter 8: Setting Up the Samples 7
- Page 95 and 96: Chapter 8: Setting Up the Samples S
- Page 97 and 98: Chapter 9: Setting Up an Unattended
- Page 99 and 100: Chapter 9: Setting Up an Unattended
- Page 101 and 102: Chapter 10: Uninstalling Cognos Rep
- Page 103 and 104: Appendix A: Manually Configuring Re
- Page 105 and 106: Appendix A: Manually Configuring Re
- Page 107 and 108: Appendix B: Troubleshooting Use thi
- Page 109 and 110: Appendix B: Troubleshooting Unable
- Page 111 and 112: Appendix B: Troubleshooting For Con
- Page 113 and 114: Appendix B: Troubleshooting 2. If y
- Page 115 and 116: Appendix B: Troubleshooting Databas
- Page 117 and 118: Appendix C: Database Schema for Log
- Page 119 and 120: Appendix D: Database Clean Up Scrip
- Page 121 and 122: Glossary anonymous access A method
- Page 123 and 124: Glossary In Framework Manager, name
- Page 125 and 126: Index A adding resources, 103 AIX e
- Page 127 and 128: Index Framework Manager components,
- Page 129 and 130: Index server administration logging
Chapter 7: Advanced <strong>Configuration</strong> Options<br />
Comm<strong>and</strong><br />
Information flags<br />
Description<br />
-d DN to use for certificate<br />
-r CSR or certificate file location (depends<br />
on mode)<br />
-t certificate authority certificate file (only<br />
with -i)<br />
-p Key Store password (must be provided)<br />
-a Key pair algorithm. RSA or DSA.<br />
Default: RSA<br />
The following sample values are used:<br />
Property<br />
Signing certificate DN<br />
Value<br />
CN=SignCert,O=MyCompany,C=CA<br />
Encryption certificate DN CN=EncryptCert,O=MyCompany,C=<br />
CA<br />
Key store password<br />
password<br />
Steps<br />
1. Go to the crn_location/bin directory.<br />
2. Create the signing certificate request by typing the following comm<strong>and</strong>:<br />
• On UNIX, type:<br />
ThirdPartyCertificateTool.sh -c -s -d "CN=SignCert,O=MyCompany,C=CA" -r<br />
signRequest.csr -k ../configuration/signkeypair/jSignKeystore -p password<br />
• On Windows, type:<br />
ThirdPartyCertificateTool.bat c -s -d "CN=SignCert,O=MyCompany,C=CA" -r<br />
signRequest.csr -k ../configuration/signkeypair/jSignKeystore -p password<br />
Important: You must type jSignKeystore as the name of the signing key store.<br />
Tip: UNIX filenames are case-sensitive <strong>and</strong> must be entered exactly as shown.<br />
3. Create the encryption certificate request by typing the following comm<strong>and</strong>:<br />
• On UNIX, type:<br />
ThirdPartyCertificateTool.sh -c -e -d "CN=EncryptCert,O=MyCompany,C=CA" -r<br />
encryptRequest.csr -k ../configuration/encryptkeypair/jEncKeystore -p password<br />
• On Windows, type:<br />
ThirdPartyCertificateTool.bat -c -e -d "CN=EncryptCert,O=MyCompany,C=CA" -r<br />
encryptRequest.csr -k ../configuration/encryptkeypair/jEncKeystore -p password<br />
Important: You must type jEncKeystore as the name of the encryption key store.<br />
4. Input the certificate signing request (CSR) files into the third party certificate authority.<br />
For more information, see your third-party CA documentation.<br />
The certificate authority produces a signing certificate <strong>and</strong> an encryption certificate.<br />
5. Copy the contents of the CA certificate into ca.cer<br />
6. Copy the contents of the signing certificate into signCertificate.cer.<br />
7. Copy the contents of the encryption certificate into encryptCertificate.cer<br />
8. Copy ca.cer, signCertificate.cer, <strong>and</strong> encryptCertificate.cer to crn_location\bin.<br />
These files must be Base-64 encoded X.509 format.<br />
88 <strong>Cognos</strong> ReportNet TM