How to generate 1024/2048 bit key for Cognos to be used to generate CA signed certificate?

Article:TECH143777  |  Created: 2010-11-09  |  Updated: 2012-08-27  |  Article URL http://www.symantec.com/docs/TECH143777
Article Type
Technical Solution


Environment

Issue



Need to generate a 1024/2048 bit .csr for Cognos.  By default, the web server provided with (CommandCentral Enterprise Reporter) CCER only generates 512 bit .csr.


Environment



CCER5.2

Windows


Solution



Apache Web Server configuration and use it as a gateway for accessing Cognos

 
Configuring Apache Web server
 
·        Install Apache webserver 2.2.15 (It will prompt for domain name and machine name and email address)
 

·        Edit C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\httpd.conf and do the following:

1. Uncomment the line 
         LoadModule ssl_module modules/mod_ssl.so
 
2. Add following entries under <IfModule alias_module>
    ScriptAlias /cognos/cgi-bin "C:/Program Files (x86)/VERITAS/VRTSccer/Cognos/cgi-bin"
    Alias /cognos "C:/Program Files(x86)/VERITAS/VRTSccer/Cognos/webapps/p2pd"
 
3. Add the following entries for providing permissions for cognos cgi directories
<Directory "C:/Program Files (x86)/VERITAS/VRTSccer/Cognos/webapps/p2pd">
    Options Indexes MultiViews
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>
 
<Directory "C:/Program Files (x86)/VERITAS/VRTSccer/Cognos/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>
 
4. Change port from 80 to 9191
 
5. Uncomment the line AddHandler cgi-script .cgi
 
6. Uncomment the line Include conf/extra/httpd-ssl.conf
 
·        Edit the C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\httpd-ssl.conf and do the following :
 
1.     Change the port number from 443 to 9443 and all other 443 entries to 9443
2.     Change SSLSessionCache line in httpd-ssl.conf to point to a directory without (x86).
 
 
Creating SSL certificates
·        Open a command prompt and type CD C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf to switch to the configuration directory for the Apache web server.
·        Run  the following command:
"C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\openssl" req -config openssl.cnf -new -out server.csr -passout pass:sahara
·        At the command prompt run the following command to remove the passphrase from the private key:
"C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\openssl" rsa -in privkey.pem -out server.key -passin pass:sahara
·        Delete .rnd file under C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf
·        To create the certificate run the command:
"C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\openssl" x509 -in server.csr -out server.crt -req -signkey server.key -days 1500
 
Importing certificate in JRE prior to CCER5.2RU3
  • Copy server.crt from C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf to C:\Program Files (x86)\Common Files\VERITAS Shared\VRTSjre\jre1.5\bin
  • Run the following command
"C:\Program Files (x86)\Common Files\VERITAS Shared\VRTSjre\jre1.5\bin\keytool" -import -noprompt -alias ERApacheSSLKey -file "C:\Program Files (x86)\Common Files\VERITAS Shared\VRTSjre\jre1.5\bin\server.crt" -keystore "C:\Program Files (x86)\Common Files\VERITAS Shared\VRTSjre\jre1.5\lib\security\cacerts" -storepass changeit -trustcacerts

 

 
Importing certificate in JRE after upgrade to CCER5.2RU3
  • Copy server.crt from C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf to C:\Program Files (x86)\VERITAS\VRTSccer\esmweb\jre\bin
  • Run the following command
"C:\Program Files (x86)\VERITAS\VRTSccer\esmweb\jre\bin\keytool" -import -noprompt -alias ERApacheSSLKey -file "C:\Program Files (x86)\VERITAS\VRTSccer\esmweb\jre\bin\server.crt" -keystore "C:\Program Files (x86)\VERITAS\VRTSccer\esmweb\jre\lib\security\cacerts" -storepass changeit -trustcacerts  
 
  • Restart "VERITAS Enterprise Reporter Web Console" and "Cognos8" services.
Change the URL in ER database
 Run the following SQL command by connecting to the CCER instance in Oracle database
NOTE: (Please give the CCER server name in the machinename in bold below)
  UPDATE sahara.configuration
SET string_value='https://machinename:9443/cognos/cgi-bin/cognos.cgi'
WHERE NAME='COGNOS_URL'
 
Last step would be to restart Cognos8 service, Symantec Web Server service, Veritas Enterprise Reporter Web Console from the Services Control Panel. Also restart the Apache web server which was installed as given in the 1st step of this document.
 
 
 

 




Article URL http://www.symantec.com/docs/TECH143777


Terms of use for this information are found in Legal Notices