Product:
Cognos Analytics 11.1.7
Microsoft Windows 2019 Server
Issue:
After change to use HTTPS in Cognos Configuration, you get a error when you save.
[Populate authentication settings] [ WARNING ] Failed to populate the authentication settings to server
Solution:
When change values in Cognos Configuration that have with certificates, you need to first stop the “IBM Cognos” windows service.
Then you can save the configuration without warnings.
More Information:
To active Cognos internal certificate, you need to inside Cognos Configuration on your Content Manager server change HTTP to HTTPS under environment – group properties.
Check that server FQDN is at Cognos – Cryptography ;DNS names and Server common name.
Save will create the certificate files.
Start CMD, and move to folder C:\Program Files\ibm\cognos\analytics\bin
Run this to export the Cognos certificate
ThirdPartyCertificateTool.bat -E -T -p NoPassWordSet -r ca.cer
Start MMC on your Windows server where Cognos Gateway is installed, and certificates and go to “Trusted Root Certification Authority”. Right click to Import certs.
Select the ca.cer file and import it.
Inside IIS manager, go to \ibmcognos\bi folder and click on URL Rewrite icon.
Click on Reverse proxy Rules to edit.
At action properties – Rewrite URL: change the http to https
https://servername.domain.com:9300/bi/{R:0}
Click apply in the right corner.
Exit IIS manager.
On PA server open Command Prompt as an Administrator and navigate to the \bin64\ directory.
Execute the following command to import/trust the certificate for Tm1 admin:
gsk8capicmd_64 -cert -add -db “C:\Program Files\ibm\cognos\tm1_64\bin64\ssl\ibmtm1.kdb” -stashed -label caRoot -file “C:\Program Files\ibm\cognos\tm1_64\bin64\ssl\ca.cer” -format ascii -trust enable
Go to \bin64\jre\bin\ to import it to PMPSVC java keystore.
keytool.exe -import -trustcacerts -file “C:\Program
Files\ibm\cognos\tm1_64\bin64\ssl\ca.cer” -keystore “C:\Program
Files\ibm\cognos\tm1_64\bin64\ssl\tm1store” -alias caRoot -storepass applix
You need also to add the ca.cer file to the correct keystore for TM1WEB.
https://www.ibm.com/support/pages/node/879929
Configure Planning Analytics 2.0 TM1 Server with SSL Cognos BI Dispatcher (ibm.com)
How to Configure Planning Analytics to Connect to an SSL Secured Cognos Dispatcher (ibm.com)
Configuring TM1 Server to trust the SSL certificate on CA Side (ibm.com)
https://www.ibm.com/support/pages/configuring-ibm-cognos-analyticsbi-https-enabled-web-server
https://www.ibm.com/docs/en/cognos-analytics/11.0.0?topic=components-configuring-ssl-cognos