
PA Spreadsheet Services add Certificate from other TM1 Server

Posted: Tue Feb 22, 2022 3:54 pm
by mabr
Hello guys,

this is my current environment:

computer_1: Running PA Spreadsheet Services (TM1Web) 11.0.73 configured (and working) for using SSL.
computer_2: Running TM1 Server (Database instance) 2.0.9.11 also configured (and working) for using SSL.

The SSL-certificates are in .pfx format.

Both computers are in the same domain and use their own (self-signed) openssl certificate (-> It's a testing environment).
Now I want my TM1Web on computer_1 to access my TM1 Server on computer_2. When I want to change the Admin host on the login screen of the TM1Web to "computer_2", it won't list any servers. I read about adding the SSL-Certificate from computer_2 to computer_1, but I had no luck with it so far.

How and where do I add the TM1 Server certificate on my TM1Web computer?

Thanks and best regards

Re: PA Spreadsheet Services add Certificate from other TM1 Server

Posted: Tue Feb 22, 2022 5:12 pm
by burnstripe
Hi, Have you spotted this IBM page?
https://www.ibm.com/docs/en/planning-an ... g-keystore

Under section 1 h, it says
"If you communicate with any other TM1 Servers or applications that use different certificates, you must repeat the previous step, importing any additional certificates you require."

In order for TM1Web to communicate with the TM1Server, you'll need to import the TM1Server certificates into TM1Web. Once you've imported it and restarted tm1web, you should hopefully start seeing the servers.

You may also need to import the root certificate and ca certificate into the local machine as you're using a self-signed cert
https://www.sonicwall.com/support/knowl ... %20Finish.

Re: PA Spreadsheet Services add Certificate from other TM1 Server

Posted: Wed Feb 23, 2022 9:24 am
by mabr
Hi,

yes I found the IBM page you suggested before and tried to import my TM1 Server certificate.

When I configured SSL for TM1Web I had to add a keystore which will be used by TM1Web in my server.xml (located in \Program Files\ibm\cognos\tm1web\wlp\usr\servers\tm1web).

=> <keyStore id="defaultKeyStore" location="C:\Program Files\ibm\cognos\mycert.pfx" password="topsecret" />

So I'm pretty sure that I need to add the TM1_Server certificate to this keystore in order to get it working. But the problem is that my keystore is in .pfx format and the TM1_Server Certificate is also in .pfx format. So how do I add them?

Re: PA Spreadsheet Services add Certificate from other TM1 Server

Posted: Wed Feb 23, 2022 12:46 pm
by burnstripe
Hi,

In step f/g there is this command, this is what you need to run

keytool -importcert -keystore "C:\Program Files\ibm\cognos\certificates\customKeystore.pfx" -storepass your_password -storetype pkcs12 -noprompt -alias ibmtm1 -file ..\..\bin64\ssl\ibmtm1.arm

change C:\Program Files\ibm\cognos\certificates\customKeystore.pfx to the location of your TM1_Server certificate

This command will then load the certificate into the keystore called ibmtm1.arm which cognos is defaulted to use. If you have chosen to create an alternative keystore then you'll need to point to this instead and update configuration to ensure it is picking up the right keystore.
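
For the case raised in the thread, where both the TM1Web keystore and the TM1 Server certificate are .pfx files, here is one way to do the import with keytool so that only the server's public certificate (not its private key) reaches computer_1. This is an added example, not part of any post above or of IBM's documentation. It assumes keytool is on the PATH and that the keystore named in server.xml is the one TM1Web uses for trust; the server .pfx path, the temp path and the aliases are placeholders.

```powershell
# --- On computer_2 (TM1 Server). Paths and aliases are placeholders. ---
$serverPfx = "C:\path\to\tm1server.pfx"        # placeholder: the TM1 Server's .pfx
$certOut   = "C:\temp\tm1server_public.cer"    # will hold the public certificate only

# List the entries to find the alias of the server's key entry.
# -storepass is left out on purpose: keytool prompts for it, so the
# password does not end up in shell history or the process list.
keytool -list -v -keystore $serverPfx -storetype pkcs12

# Export only the public certificate (PEM). Replace <alias> with the alias shown above.
keytool -exportcert -rfc -keystore $serverPfx -storetype pkcs12 -alias "<alias>" -file $certOut

# Print the certificate and note its SHA-256 fingerprint for comparison on computer_1.
keytool -printcert -file $certOut

# --- On computer_1 (TM1Web), after copying the .cer file across. ---
$webKeystore = "C:\Program Files\ibm\cognos\mycert.pfx"   # keystore referenced in server.xml
$certIn      = "C:\temp\tm1server_public.cer"

# Keep a copy of the working keystore before changing it.
Copy-Item $webKeystore "$webKeystore.bak"

# Import as a trusted certificate. -noprompt is left out so keytool shows the
# fingerprint and asks for confirmation; compare it with the value from computer_2.
keytool -importcert -keystore $webKeystore -storetype pkcs12 -alias "tm1server_computer_2" -file $certIn

# Confirm the new entry is listed as trustedCertEntry, then restart TM1Web.
keytool -list -keystore $webKeystore -storetype pkcs12 -alias "tm1server_computer_2"
```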