Hi all,
I am trying REST API and was able to work disabling "SSL certificate verification."
To enable "SSL certificate verification", we have to import SSL cert and am looking for those steps.
In the link "https://www.ibm.com/support/pages/node/6620979" point 5, "import the certificate that is used by TM1 Server" is what is to be done. What and where is the SSL cert in the server? Is it the "D:\Program Files\ibm\cognos\tm1_64\bin64\ssl" folder?
Can someone let me know the steps - as to where the cert is and how should a cer and a key file be loaded to postman and what should be the URL? Also, how do we autmate?
Our PA2 version is 2.0.9.5.
Thanks,
Paul.
Postman SSL Cert
-
- Regular Participant
- Posts: 198
- Joined: Wed May 06, 2020 2:58 pm
- OLAP Product: Planning Analytics
- Version: 2.0.9
- Excel Version: 2016
Re: Postman SSL Cert
This is how to import into the certificate into postman
https://learning.postman.com/docs/sendi ... tificates/
And here's a way to get that certificate
https://www.ibm.com/support/pages/how-o ... ertificate
If your tm1 is just using the default SSL cert does reside in the the SSL folder you mention. The file is called ibmtm1.arm, this includes the base64 encoded cert and a public key
https://learning.postman.com/docs/sendi ... tificates/
And here's a way to get that certificate
https://www.ibm.com/support/pages/how-o ... ertificate
If your tm1 is just using the default SSL cert does reside in the the SSL folder you mention. The file is called ibmtm1.arm, this includes the base64 encoded cert and a public key
-
- Posts: 124
- Joined: Tue Jun 13, 2017 3:20 pm
- OLAP Product: TM1
- Version: 10.2.2
- Excel Version: 2010
Re: Postman SSL Cert
Thanks Burnstripe for the reply.
We are using the default SSL cert and so I used the "ibmtm1.arm" like you said and actually renamed it to .pem and get this error.
Renaming was an idea from this link.
https://serverfault.com/questions/18859 ... em-format
Thanks,
Paul.
We are using the default SSL cert and so I used the "ibmtm1.arm" like you said and actually renamed it to .pem and get this error.
What should be my next steps?SSL Error: Hostname/IP does not match certificate's altnames
Renaming was an idea from this link.
https://serverfault.com/questions/18859 ... em-format
Thanks,
Paul.
-
- Regular Participant
- Posts: 198
- Joined: Wed May 06, 2020 2:58 pm
- OLAP Product: Planning Analytics
- Version: 2.0.9
- Excel Version: 2016
Re: Postman SSL Cert
Are you able to import it without converting to a pem. Or does postman require that specific format... I may have to do some testing on this myself to see if I can be of further assistance.
My guess is the private key is being lost when you rename the file from .arm to .pem
Have you looked into ikeyman to extract it in pem, might be an option
My guess is the private key is being lost when you rename the file from .arm to .pem
Have you looked into ikeyman to extract it in pem, might be an option
-
- Posts: 124
- Joined: Tue Jun 13, 2017 3:20 pm
- OLAP Product: TM1
- Version: 10.2.2
- Excel Version: 2010
Re: Postman SSL Cert
Hi Burnstripe,
I tried to extract the TM1 cert (ibmtm1.arm) that we loaded loaded into the Cognos key store and it gave a .arm file and not cer file with key. Can you please try on your side once? I am stuck here.
Thanks,
Paul.
I tried to extract the TM1 cert (ibmtm1.arm) that we loaded loaded into the Cognos key store and it gave a .arm file and not cer file with key. Can you please try on your side once? I am stuck here.
Thanks,
Paul.
-
- Regular Participant
- Posts: 198
- Joined: Wed May 06, 2020 2:58 pm
- OLAP Product: Planning Analytics
- Version: 2.0.9
- Excel Version: 2016
Re: Postman SSL Cert
Hi Paul,
In order for Postman to work with SSL certificate verification enabled, you would need to have your adminhost configured for SSL, aka the rest api address http://localhost:52670/api/v1/$metadata would need to be using https.
If it's not then this setting SSL certificate verification must be disable.
If the rest api address is accessible through https e.g. https://localhost:52670/api/v1/$metadata then you can get a copy of the certificate by navigating to the address in a browser through chrome/edge etc...
To extract using chrome for example, put the rest api address in, and on the padlock next to the address bar, click into this, select certificate is secure, and then certificate is valid. In the popup go to details, select export and you can call it .crt.
Then go into Postman, Settings, Certificates and where it says client certificates select add certificate. Enter host details and select the CRT file. Leave the passphrase blank and click add. That should be it... Note: I don't have a system to test this on.
You shouldn't need to use the ibmtm1.arm. Note: You may also need to install the certificate onto your machine for it to be trusted. To do this find your crt file, right click and select install certificate
In order for Postman to work with SSL certificate verification enabled, you would need to have your adminhost configured for SSL, aka the rest api address http://localhost:52670/api/v1/$metadata would need to be using https.
If it's not then this setting SSL certificate verification must be disable.
If the rest api address is accessible through https e.g. https://localhost:52670/api/v1/$metadata then you can get a copy of the certificate by navigating to the address in a browser through chrome/edge etc...
To extract using chrome for example, put the rest api address in, and on the padlock next to the address bar, click into this, select certificate is secure, and then certificate is valid. In the popup go to details, select export and you can call it .crt.
Then go into Postman, Settings, Certificates and where it says client certificates select add certificate. Enter host details and select the CRT file. Leave the passphrase blank and click add. That should be it... Note: I don't have a system to test this on.
You shouldn't need to use the ibmtm1.arm. Note: You may also need to install the certificate onto your machine for it to be trusted. To do this find your crt file, right click and select install certificate