Planning Analytics Workspace (PAW) is a web-based planning analytics interface used to access TM1 cubes. Configuring SSL Certificate to a web service adds another layer of security that verify the website’s identity.
Pre-requisite
The following conditions must be met before you can configure SSL for Planning Analytics Wokspace
- SSL certificate file must either be PKCS12/PFX format and contain the complete certificate chain or all the 3 certificate chain (root, intermediate and server certificate)
- Private key
Import SSL Certificate PFX File
Before you can proceed to configuring the PAW to utilise the SSL Certificate. You need to do the following step if you were only given pfx file and not the individual files of the certificate chain ( root certificate, intermediate certificate and end-user certificate).
- Run MMC and right-click Run as Administrator.
- Under File select Add or Remove Snap-ins
- Select Certificate and click on Add>
- Select COMPUTER ACCOUNT.
- Select Local Computer and click Finish and then OK.
- Under Trusted Root Certificate Authorities, right-click on Certificate and click on All Task -> Import and click Next.
- Click on Browse… and select the location of the .pfx file (NOTE: Make sure to change the type to Personal Information Exchange) and then click Next.
- Enter the password of the pfx file and click Next.
- In the MMC, Under Trusted Root Certificate Authority -> Certificate select the server certificate. The default view is shown as below. Make sure the certificate is issue for the correct server.
Export Root, Intermediate and End-User Certificate from PFX File
- Under Trusted Root Certificate Authorities, click on the imported certificate.
- Go under Certificate Path, in this page you should be able to verify the certificate chain. The top is the root certificate, underneath it is the intermediate certificate and the last is the end-user certificate.
- Under Details, click on Copy to File… and click Next.
- Click No, do not export the private key. (NOTE: Selecting Yes, export the private key will only allow you to export the file in pfx file)
- Select Browse… and browse to the directory where you want to keep you certificates.
- Save the end-user certificate as cacert, intermediate certificate as caint and root certificate as caroot.
- Repeat the same for all the other certificates.
Configure SSL Certificate in Planning Analytics Workspace
- In the PAW Server, <paw installation location>/config/ssl and search for the pa_workspace.pem file.
- Update the file in the following format and sequence.
Update paw.ps1 configuration file
- Open paw.ps1 under the config folder.
$env:EnableSSL=”true”
$env:ServerName=”<paw-server-name>”
- Open Window Powershell as Administrator.
- Go to <paw installation> and run the script ./scripts/paw.ps1 stop.
- Once its completed, run the script ./scripts/paw.ps1.
Adding Planning Analytics (PA)/ Cognos Analaytics (CA) Custom Certificate
If you’re utilising custom certificate for your Planning Analytics and Cognos Analytics you would need to add their custom certificate to the PAW Keystore.
- To add custom certificates, make sure that PAW is stopped. To stop PAW, open Window PowerShell as Administrator. Go to the location where PAW was installed and type the following script.
.scripts/paw.ps1 stop
- Add all custom certificate in .pem format in this location <%PAW INSTALLATION DIRECTORY%>\config\certs
- Run the following script in Window PowerShell
./scripts/process_certs.ps1
You can now start the PAW service.
Need Help?
If you have any questions about installing Planning Analytics and configuring SSL Certificate, please reach out to us. We’d be delighted to help.