Hello Everyone,
I have a quick question on which files to import into the IKeyMan tool after the CSR request been made under the Personal Certificate.
Because customer is having below files. Certificate is about to expire and have to change it to work for TM1Web.
.key, pkcs#7 certificates, .pem file, .pfx file and Security Certificates like cachain,digicert_root, fullchain, intermediate
I am struck at this point, as this is the first time I am doing this certificate update.
Anybody have already come across, kindly give me an idea to proceed further.
Custom SSL cert for Tm1 web
-
- Community Contributor
- Posts: 180
- Joined: Sat May 05, 2018 11:48 am
- OLAP Product: tm1
- Version: 10.3.10100.8
- Excel Version: 14
- Elessar
- Community Contributor
- Posts: 338
- Joined: Mon Nov 21, 2011 12:33 pm
- OLAP Product: PA 2
- Version: 2.0.9
- Excel Version: 2016
- Contact:
Re: Custom SSL cert for Tm1 web
Hi,
What version are you on?
I've configured this about 2 years ago using this link: https://www.ibm.com/support/pages/use-i ... tes-tm1web
If I understand you right, you have done the 3rd step now and should proceed to 4th:
4 - The certificate request file must be provided to the signing certificate authority (CA). The CA will provide one or more files containing the signed encryption certificate and all required CA certificates in the chain.
If you want a self-signed certificate, you should select "«Submit a certificate request using a base-64-encoded CMC or PKCS #10 file or submit a renewal…»", and then download both certificate and certificate chain.
What version are you on?
I've configured this about 2 years ago using this link: https://www.ibm.com/support/pages/use-i ... tes-tm1web
If I understand you right, you have done the 3rd step now and should proceed to 4th:
4 - The certificate request file must be provided to the signing certificate authority (CA). The CA will provide one or more files containing the signed encryption certificate and all required CA certificates in the chain.
If you want a self-signed certificate, you should select "«Submit a certificate request using a base-64-encoded CMC or PKCS #10 file or submit a renewal…»", and then download both certificate and certificate chain.
Best regards, Alexander Dvoynev
TM1 and Data Science blog: 6th article - PAfE + VBA: Commit each cell without pressing “Commit” button.
TM1 and Data Science blog: 6th article - PAfE + VBA: Commit each cell without pressing “Commit” button.
-
- Community Contributor
- Posts: 180
- Joined: Sat May 05, 2018 11:48 am
- OLAP Product: tm1
- Version: 10.3.10100.8
- Excel Version: 14
Re: Custom SSL cert for Tm1 web
Yes, exactly. Good catch @Elessar
TM1 Version - 2.0.7
I have also referred the same link. Of course in step 4, dont have any idea of how to proceed. Do I really need to submit to CA? Because client has 3rd party Certificates and files as below:
.pfx file - Personal Information Exchange
xxx_cachain - Security Certificate
xxx_fullchain - Personal Information Exchange
xxx_digicert_root_g2_base64 - Security Certificate
xxx_intermediate_base64 - Security Certificate
xxx.pem file
xxx.key file
So my understanding is skipping the step 4 and import the keys. Should I import first file .pfx which in turn load all the cert + keys?? But dont know which file to import. Correct me if I am wrong. Thanks
TM1 Version - 2.0.7
I have also referred the same link. Of course in step 4, dont have any idea of how to proceed. Do I really need to submit to CA? Because client has 3rd party Certificates and files as below:
.pfx file - Personal Information Exchange
xxx_cachain - Security Certificate
xxx_fullchain - Personal Information Exchange
xxx_digicert_root_g2_base64 - Security Certificate
xxx_intermediate_base64 - Security Certificate
xxx.pem file
xxx.key file
So my understanding is skipping the step 4 and import the keys. Should I import first file .pfx which in turn load all the cert + keys?? But dont know which file to import. Correct me if I am wrong. Thanks
- Elessar
- Community Contributor
- Posts: 338
- Joined: Mon Nov 21, 2011 12:33 pm
- OLAP Product: PA 2
- Version: 2.0.9
- Excel Version: 2016
- Contact:
Re: Custom SSL cert for Tm1 web
The certificate should be issued to the name of the server running TM1Web, so that it will contain "issued to: www.yourTM1.xxx" (like here, for "www.tm1forum.com" name). So yes, you need to provide the cert. request to CA
Best regards, Alexander Dvoynev
TM1 and Data Science blog: 6th article - PAfE + VBA: Commit each cell without pressing “Commit” button.
TM1 and Data Science blog: 6th article - PAfE + VBA: Commit each cell without pressing “Commit” button.
-
- Community Contributor
- Posts: 180
- Joined: Sat May 05, 2018 11:48 am
- OLAP Product: tm1
- Version: 10.3.10100.8
- Excel Version: 14
Re: Custom SSL cert for Tm1 web
Thanks for your reply Elessar.
In my case 3rd Party Company has already Issued the Certificate for 'TM1Web'.
I can skip the CSR request to CA. Because, currently I have the issued certificate which are .pfx file and related Certs + Key + root files. I have to replace the old Certificate with new Certificate in CAMKEYSTORE.
I have referenced the below link. Using iKeyMann tool, added the .pfx under Personal Certificate and labeled as 'encryption'. Added supporting root certs and keys under the signer certificate.
https://www.ibm.com/support/knowledgece ... 12860_.htm
Now, tm1web utilizing the new SSL certificate and working fine.
In my case 3rd Party Company has already Issued the Certificate for 'TM1Web'.
I can skip the CSR request to CA. Because, currently I have the issued certificate which are .pfx file and related Certs + Key + root files. I have to replace the old Certificate with new Certificate in CAMKEYSTORE.
I have referenced the below link. Using iKeyMann tool, added the .pfx under Personal Certificate and labeled as 'encryption'. Added supporting root certs and keys under the signer certificate.
https://www.ibm.com/support/knowledgece ... 12860_.htm
Now, tm1web utilizing the new SSL certificate and working fine.
- Elessar
- Community Contributor
- Posts: 338
- Joined: Mon Nov 21, 2011 12:33 pm
- OLAP Product: PA 2
- Version: 2.0.9
- Excel Version: 2016
- Contact:
Re: Custom SSL cert for Tm1 web
Thank you kavitha2002
This is really rare when the topic starter returns with solution description.
This is really rare when the topic starter returns with solution description.
Best regards, Alexander Dvoynev
TM1 and Data Science blog: 6th article - PAfE + VBA: Commit each cell without pressing “Commit” button.
TM1 and Data Science blog: 6th article - PAfE + VBA: Commit each cell without pressing “Commit” button.