HCL Workload Automation, Version 9.4

Configuring the agent to use Cognos in SSL

Configure the HCL Workload Automation agent to connect to an IBM Cognos server that is using SSL.

About this task

To configure the agent to connect to an IBM Cognos server that is using SSL, perform the following procedure.
Note: On Windows operating systems, paths that contain blanks must be enclosed in double quotes.

Procedure

  1. On the IBM Cognos server, run the following command to export the certificate:
    On Windows operating systems:
    <Cognos_inst_path>\bin\ThirdPartyCertificateTool.bat -E -T
     -r \<certificate_dir>\<certificate_name>
     -k <Cognos_inst_path>\configuration\signkeypair\jCAKeystore
     -p <cognos_keystore_password>
    On UNIX and Linux operating systems:
    <Cognos_inst_path>/bin/ThirdPartyCertificateTool.sh -E -T
     -r /<certificate_dir>/<certificate_name>
     -k <Cognos_inst_path>/configuration/signkeypair/jCAKeystore
     -p <cognos_keystore_password>
    where:
    Cognos_inst_path
    Specify the path where you installed the IBM Cognos server.
    certificate_dir
    Specify the directory in which to export the IBM Cognos certificate.
    certificate_name
    Specify the name of the IBM Cognos certificate you export.
    cognos_keystore_password
    Specify the IBM Cognos password defined in the IBM Cognos Configuration > Security > Cryptography > Cognos - Certificate Authority settings - Certificate Authority key store password.
    For example, if you installed the IBM Cognos server on a UNIX operating system in the /opt/abc/cognos/c10 path, you want to export the certificate to /tmp/cacert.cer, and the Certificate Authority key store password is pass00w0rd, run the command as follows:
    /opt/abc/cognos/c10/bin/ThirdPartyCertificateTool.sh -E -T
     -r /tmp/cacert.cer
     -k /opt/abc/cognos/c10/configuration/signkeypair/jCAKeystore
     -p pass00w0rd
  2. On the agent, run the following command to import the certificate into the agent keystore:
    On Windows operating systems:
    <agent_inst_path>\TWS\JavaExt\jre\jre\bin\keytool -import
     -file <exp_certificate_dir>\<certificate_name>
     -keystore <agent_inst_path>\TWS\JavaExt\jre\jre\lib\security\cacerts
     -storepass <keystore_password> -alias Cognos10
    On UNIX and Linux operating systems:
    <agent_inst_path>/TWS/JavaExt/jre/jre/bin/keytool -import
     -file <exp_certificate_dir>/<certificate_name>
     -keystore <agent_inst_path>/TWS/JavaExt/jre/jre/lib/security/cacerts
     -storepass <keystore_password> -alias Cognos10
    where:
    agent_inst_path
    Specify the path where you installed the agent.
    exp_certificate_dir
    Specify the directory where you stored the exported IBM Cognos certificate.
    certificate_name
    Specify the certificate you want to import.
    keystore_password
    Specify the keystore password of the Java extension. The default is changeit.
    For example, if you installed the agent on a Windows operating system in the D:\TWS\Engine\tws_user\ path, you want to import the cacert.cer certificate located in the c:\app\certificate\ directory, and the password of the agent keystore is a0password, run the command as follows:
    D:\TWS\Engine\tws_user\TWS\JavaExt\jre\jre\bin\keytool
     -import -file c:\app\certificate\cacert.cer
     -keystore D:\TWS\Engine\tws_user\TWS\JavaExt\jre\jre\lib\security\cacerts
     -storepass a0password -alias Cognos10
  3. In the agent JobManager.ini configuration file, add the JVMOptions parameter as follows:
    On Windows operating systems:
    JVMOptions  = -Djavax.net.ssl.trustStore=
    "<agent_inst_path>\TWS\JavaExt\jre\jre\lib\security\cacerts"
     -Djavax.net.ssl.trustStorePassword=<keystore_password>
    On UNIX and Linux operating systems:
    JVMOptions  = -Djavax.net.ssl.trustStore=
    "<agent_inst_path>/TWS/JavaExt/jre/jre/lib/security/cacerts"
     -Djavax.net.ssl.trustStorePassword=<keystore_password>
    where:
    agent_inst_path
    Specify the path where you installed the agent.
    keystore_password
    Specify the keystore password of the Java extension.
    For example, if you installed the agent on a Windows operating system in the D:\TWS\Engine\tws_user\ path, the agent keystore path is D:\TWS\Engine\tws_user\TWS\JavaExt\jre\jre\lib\security\cacerts, and the agent keystore password is a0password, add the JVMOptions parameter as follows:
    JVMOptions  = -Djavax.net.ssl.trustStore=
    "D:\TWS\Engine\tws_user\TWS\JavaExt\jre\jre\lib\security\cacerts"
     -Djavax.net.ssl.trustStorePassword=a0password
  4. Stop and restart the agent using the ShutDownLwa and StartUpLwa commands. See ShutDownLwa - Stop the agent and StartUpLwa - Start the agent, respectively.
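
A check for the certificate hand-off between steps 1 and 2, added here as an example and not part of the HCL documentation: step 2 makes the agent JVM trust the imported file, so the copy on the agent should be confirmed to be the file that was exported on the Cognos server. The script prints the SHA-256 fingerprint of a PEM or DER certificate file in the colon-separated form that keytool -printcert displays; the script name, function names and sample bytes are assumptions of this example.

```python
import base64
import hashlib
import re
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in bytes, NOT a real certificate: only the leading DER
# SEQUENCE tag (0x30) is meaningful, so both encodings can be tested offline.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + b"constructed-sample"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")


def to_der(data: bytes) -> bytes:
    """Return the DER bytes of the first certificate in a PEM or DER file."""
    match = PEM_RE.search(data)
    der = base64.b64decode(b"".join(match.group(1).split())) if match else data
    if not der.startswith(b"\x30"):
        raise ValueError("not a DER or PEM encoded certificate")
    return der


def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER bytes, formatted AA:BB:... like keytool output."""
    digest = hashlib.sha256(to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(data: bytes, expected: str) -> bool:
    """Compare against a fingerprint recorded on the Cognos server.
    Case, colons and whitespace in the recorded value are ignored."""
    want = re.sub(r"[\s:]", "", expected).upper()
    return fingerprint(data).replace(":", "") == want


if __name__ == "__main__":
    # Usage (hypothetical script name): python cert_fp.py cacert.cer [expected]
    with open(sys.argv[1], "rb") as handle:
        cert = handle.read()
    print(fingerprint(cert))
    if len(sys.argv) > 2 and not matches(cert, sys.argv[2]):
        sys.exit("fingerprint mismatch: do not import this file")
```

Run it on the Cognos server after step 1 and on the agent before step 2; the two values must be identical, and they should also match the SHA-256 fingerprint that keytool shows when it asks whether to trust the certificate.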