Request for help in configuring SSL for TM1 server 10.1

[bhanumurthy]

Hi,
Could someone please help me in configuring SSL for TM1 10.1 adminserver and tm1server, I am trying to generate my own certificates instead of provided applix certificates.

however I couldn't succeed in it, would be great help if someone can provide me the steps to be followed to do so.

FYI, I am trying to use windows certificate store.

Thanks in advance.

Bhanu

[bhanumurthy]

I get the below error in tm1s.log ,however tm1adminserver service starts normally. problem is only with tm1server service.
please help if anyone is aware of this.. thanks

--------------------------------------------------
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Data Directory: c:\vijay
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Admin Host: hari
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Logging Directory: c:\vijay
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Configuration Directory: c:\vijay
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Raw Store Directory: c:\vijay
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Port: 28464
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Client Message Port: 28465
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Client Message Port does not accept Tm1Top connections.
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Export Admin Server Certificate: 1
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Export Admin Server Certificate ID: Administrator
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Admin Server SSL Cert ID: Administrator
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server IP Version: ipv4
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server SSL Mode: 1
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Export Server Certificate: 1
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Export Server Certificate ID: C:\Program Files\ibm\cognos\tm1\bin\ssl\tm1svrcert1.pem
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Certificate Authority: MAGAADU
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Client Export Server Certificate: 1
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Client Export Server Certificate ID: Administrator
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server DH 512 File: C:\Program Files\ibm\cognos\tm1\bin\ssl\dh512.pem
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server DH 1024 File: C:\Program Files\ibm\cognos\tm1\bin\ssl\dh1024.pem
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Private Key Password File: C:\Program Files\ibm\cognos\tm1\bin\ssl\btprk.dat
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Password Key File: C:\Program Files\ibm\cognos\tm1\bin\ssl\btkey.dat
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Security Mode: 1
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Start time: Sun May 19 2013 06:26:00 PM
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server The server will use Parallel Interaction.
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Server threading mode is thread per connection.
2092 [] INFO 2013-05-19 12:56:00.888 TM1.Server Client Message Port does not accept Tm1Top connections.
2180 [] INFO 2013-05-19 12:56:00.966 TM1.Comm.SSL Unable to find certificate in store
1088 [] INFO 2013-05-19 12:56:00.966 TM1.Comm.SSL Unable to find certificate in store
2180 [] INFO 2013-05-19 12:56:00.966 TM1.Comm.SSL Unable to retrieve issuer name
2180 [] INFO 2013-05-19 12:56:00.966 TM1.Comm.SSL Error retrieving certificate from store
1088 [] INFO 2013-05-19 12:56:00.966 TM1.Comm.SSL Unable to retrieve issuer name
1088 [] INFO 2013-05-19 12:56:00.966 TM1.Comm.SSL Error retrieving certificate from store
808 [] INFO 2013-05-19 12:56:00.966 TM1.Server --------------------Session Start--------------------
808 [] INFO 2013-05-19 12:56:00.966 TM1.Server TM1 Build Number: 10.1.00000.20166
2092 [] ERROR 2013-05-19 12:56:00.966 TM1.Server E15) Server unable to listen on port 28464. Please check the log file for further details.
2092 [] INFO 2013-05-19 12:56:00.966 TM1.Server The server is coming down...
2092 [] INFO 2013-05-19 12:56:00.966 TM1.Server Server shutdown

[lotsaram]

Why would you want to generate your own SSL certificate? I haven't ever had a need or inclination for this.

[bhanumurthy]

Hi,
when IBM itself says you can replace applix certificates with your own certificates, and we dont want to use the certificates provided by vendor for certain reasons.

has anyone tried this option? if yes, please provide me the process that you followed to do so.

thanks for your time on this matter.

Thanks
Bhanu

[tomok]

The only reason I can think of where you may want to create your own certificates would be if you were going to expose your TM1 server to the internet, i.e., outside your corporate network, without using Citrix or some other remote desktop type tool. This, in itself, is an inherently bad idea. TM1 performs extremely poorly in this type setup because of the bandwidth requirements of Architect and/or Perspectives. If it is all behind the firewall then why in the world would you want to create your own certificate?

[bhanumurthy]

fyi, without citrix, out of the intranet. hence we started all these excercise.

does TM1 really work with my own certificates?

it would be great of you could help me.

Thanks
Bhanu

[Headache]

Hello,

Did you ever get anywhere with this. Sounds like I am in the same position as you; I have been asked to enable SSL across out TM1 10.1 environment, and using our own certs (because the IBM docs recommend it).

I am a totally new to TM1 and I have never even seen it up until a week ago, so I am finding the documentation and terminology challenging.

Thanks.

[dsproffitt]

How did you get on with this?
In the DeveloperWorks section of the IBM site there are documents to help you with this.
I have spent some time teaching Support Analysts about PKI/SSL and the joys of implementing them in to Cognos products.
The documentation there is very good.

[Willi]

Hi, did you see this thread: http://www.tm1forum.com/viewtopic.php?f=3&t=10277