CAM-CRP-1632 The selected PDF Confidentiality algorithm is not permitted by the NIST SP 800-131A standard

by ·Comments Off on CAM-CRP-1632 The selected PDF Confidentiality algorithm is not permitted by the NIST SP 800-131A standard

Product:
Cognos Analytics 11.1.6 Product_version=11.1 R6
Microsoft Windows 2016

Problem:
Error when start cognos from cognos configuration like this;
[Check NIST 131A conformance]
[ WARNING ] CAM-CRP-1632 The selected PDF Confidentiality algorithm is not permitted by the NIST SP 800-131A standard. You must change the selected algorithm to a stronger algorithm such as ‘AES-256’. Note that you may need to install the JRE’s unlimited jurisdiction policy files to enable all of the supported algorithms

Solution:


Open first Cognos Configuration and check that it says 128 at Cryptography > Cognos > field “PDF Confidentiality Algorithm – Advanced encryption standard with Cipher Block Chaining (CBC) mode 128 bit key”. Stop cognos service and close Cognos Configuration.
Backup the files in folder C:\Program Files\ibm\cognos\analytics\ibm-jre\jre\lib\security\ to c:\temp\security


Download the new policy zip file from https://public.dhe.ibm.com/ibmdl/export/pub/systems/cloud/runtimes/java/security/jce_policy/
Unzip the file in a new folder (c:\install), creating folder C:\install\unrestricted.


Copy the two new files (US_export_policy.jar and local_policy.jar)to folder C:\Program Files\ibm\cognos\analytics\ibm-jre\jre\lib\security\policy\unlimited


Open Cognos Configuration and go to Cryptography > Cognos. Change PDF Confidentiality Algorithm and Confidentiality Algorithm to Advanced encryption standard with Cipher Block Chaining (CBC) mode 256 bit key.

Right-click on supported ciphersuites and select “Reset to Default”.

Save the configuration and start the Cognos service.

 

More information:
https://www.ibm.com/support/pages/check-nist-131a-conformance-warning-while-starting-cognos-services