Exploring TM1 - a Chartertech Company
Close this search box.

Cognos Analytics Configure SSL Certificate

Configuring SSL Certificate to Cognos Analytics server provides an extra layer of security that verify the website’s identity.


The following conditions must be met before you proceeding to configuring Cognos Analytics.

  • SSL certificate file must already be in PKCS12/PFX format and contain the complete certificate chain.
  • Place the certificate outside the TM1Web installation

Import SSL Certificate in Cognos Analytics

Do the following step to be able to retrieve the individual files of the certificate chain ( root certificate, intermediate certificate and end-user certificate).

  1. Run MMC and right-click Run as Administrator.
  2. Under File select Add or Remove Snap-ins
  1. Select Certificate and click on Add>
  1. Select Local Computer and click Finish and then OK.
  1. Select Local Computer and click Finish and then OK.
  1. Under Trusted Root Certificate Authorities, right-click on Certificate and click on All Task -> Import and click Next.
  1. Under Trusted Root Certificate Authorities, right-click on Certificate and click on All Task -> Import and click Next.
  1. Click on Browse… and select the location of the .pfx file (NOTE: Make sure to change the type to Personal Information Exchange) and then click Next.
  1. Enter the password of the pfx file and click Next.
  1. In the MMC, Under Trusted Root Certificate Authority -> Certificate select the server certificate. The default view is shown as below. Make sure the certificate is issue for the correct server.

Export Root, Intermediate and End-User Certificate from PFX File

  1. Under Trusted Root Certificate Authorities, click on the imported certificate.
  1. Go under Certificate Path, in this page you should be able to verify the certificate chain. The top is the root certificate, underneath it is the intermediate certificate and the last is the end-user certificate.
  1. Under Details, click on Copy to File… and click Next.
  1. Click on No, do not export the private key. (NOTE: Selecting Yes, export the private key will only allow you to export the file in pfx file)
  1. Select Browse… and browse to the directory where you want to keep you certificates.
  1. Save the end-user certificate as cacert, intermediate certificate as caint and root certificate as caroot.
  2. Repeat the same for all the other certificates.

Import SSL Certificate

  1. Open Command Prompt as Administrator and go to the <cognos analytics installation>/ibm/cognos/analytics/bin
  2. Write the following scripts to import the caroot (root certificate).
ThirdPartyCertificateTool.bat -java:local -i -T -r <location of cacert location> -p “NoPassWordSet”
  1. Do the same for the caint (intermediate certificate).
  2. Import the pfx file using the following script.
ThirdPartyCertificateTool.bat -java:local -i -e -a rsa –p “NoPassWordSet” -K <location of the pfx file> -w <pfx password>

Configure SSL Certificate in Cognos Analytics

Once you have imported the certificate you would need configure to the SSL Certificate in Cognos Analytics through IBM Cognos Configuration.

  1. Under Environment, update the following to use https instead of http.
  • Gateway URI
  • External dispatcher UR
  • Internal dispatcher URI
  • Dispatcher URI for external applications
  • Content Manager URIs
  1. Under Security -> Cryptography, delete Cognos and right click on Cryptography and select New Resource and enter the name and select Third Party Certificate authority.

Update Cognos Gateway

If you are using Cognos Gateway to utilize single-signon, you would need to make additional configuration.


  1. Open Microsoft Internet Information Services (IIS) and go the host server name on the top of the navigation tree and open Server Certificate.
  2. Add click on Import Certificate
  3. Go to bi folder, double-click on URL Rewrite and select Reverse Proxy and update Rewrite URL to use https.  
  1. Under Default Website, select on the right-pane, Bindings…
  1. In the Binding Site, click on Add.
  • Update the following field:
  • Type : https
  • Host Name : Host Name FQDN
  • SSL Certificate : SSL Certificate of the Web Server
  1. Go to Application Pool and stop ICAPool
  2. Go to the Host Name and Stop and then Start.
  3. Go back to the Application Pool and start ICAPool.

If you are utilising Cognos Analytics for Planning Analytics security, you can look into Cognos Analytics to Recognise Cognos Analytics SSL Certificate.

Need Help?

If you have any questions about installing Planning Analytics and configuring SSL Certificate, please reach out to us. We’d be delighted to help.

  • This field is for validation purposes and should be left unchanged.

Post Sections

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Log In