Where is the java key-store?

Product:
Planning Analytics 2.0.9.7
Microsoft Windows 2019 server

Problem:
What java keystore should i use for PA?

Follow official documentation in the first place, as the solution change with different versions of Cognos.

Suggested solution:

https://www.ibm.com/docs/en/planning-analytics/2.0.0?topic=itw-configure-ssl-planning-analytics-tm1-webspreadsheet-services-existing-keystore

Make a backup of the ssl folder before you change anything.

The JAVA Keystore used by PMPSVC.  Open Command Prompt as an Administrator and navigate to the <tm1 install dir>\bin64\jre\bin\ directory.

Execute the following command to import/trust the certificate:

keytool.exe -import -trustcacerts -file “C:\Program Files\ibm\cognos\tm1_64\bin64\ssl\caRoot.cer” -keystore “C:\Program Files\ibm\cognos\tm1_64\bin64\ssl\tm1store” -alias caRoot -storepass applix

The JAVA Keystore used by TM1WEB.  Open Command Prompt as an Administrator and navigate to the <tm1 install dir>\bin64\jre\bin\ directory.

Execute the following command to import/trust the certificate:

keytool.exe -import -trustcacerts -file “C:\Program Files\ibm\cognos\tm1web\bin64\ssl\caRoot.cer” -keystore “C:\Program Files\ibm\cognos\tm1web\bin64\ssl\tm1store” -alias caRoot -storepass applix

 

More information:

https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

Java Keytool Commands for Creating and Importing

These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain.

  • Generate a Java keystore and key pair
    keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks  -keysize 2048
  • Generate a certificate signing request (CSR) for an existing Java keystore
    keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr
  • Import a root or intermediate CA certificate to an existing Java keystore
    keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks
  • Import a signed primary certificate to an existing Java keystore
    keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks
  • Generate a keystore and self-signed certificate (see How to Create a Self Signed Certificate using Java Keytoolfor more info)
    keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

Java Keytool Commands for Checking

If you need to check the information within a certificate, or Java keystore, use these commands.

  • Check a stand-alone certificate
    keytool -printcert -v -file mydomain.crt
  • Check which certificates are in a Java keystore
    keytool -list -v -keystore keystore.jks
  • Check a particular keystore entry using an alias
    keytool -list -v -keystore keystore.jks -alias mydomain

Other Java Keytool Commands

  • Delete a certificate from a Java Keytool keystore
    keytool -delete -alias mydomain -keystore keystore.jks
  • Change a Java keystore password
    keytool -storepasswd -new new_storepass -keystore keystore.jks
  • Export a certificate from a keystore
    keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
  • List Trusted CA Certs
    keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
  • Import New CA into Trusted Certs
    keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/secur

https://www.ibm.com/support/pages/how-configure-custom-ssl-certificates-planning-analytics-20-and-201

https://www.ibm.com/support/pages/how-configure-planning-analytics-connect-ssl-secured-cognos-dispatcher

https://docs.bmc.com/docs/decisionsupportserverautomation/89/using-third-party-certification-authority-certificates-656916032.html