Are Your IBM Security Certificates About To Expire?


The purpose of SSL certificates (Secure Sockets Layer) are for encrypting data as it is transferred around a network. These SSL certificates also have an expiration date. If the IBM security certificates expire, you may run into issues using certain client side Cognos applications or gaining access to your data and system.

There are many good reasons for keeping your Cognos BI and TM1 systems up to date on fix packs. One of the most important is that it will keep the security (SSL) certificates updated or renewed! (Please note that the most recent fix packs do not have the SSL updates yet. IBM should have updated fix packs soon and we will update when available.)

Below, you will find some easy tips for determining when your certificates expire and how to check what version of TM1 or BI (with fix packs) you are operating.

Tips For Determining Expirations & Operating Versions

First, let’s start with the instructions to check on your expiration dates for the IBM security certificates. The summary instructions can be found by using this IBM Support Link.

Next, you will want to determine what version and fix packs of the Cognos software you are running by following this easy process. Keep in mind that you must be current on support in order to have access to fix packs. If you let this lapse or need assistance, please contact so that we may assist you.

Cognos BI

In regards to Cognos BI, you will need the information found using this IBM support link to compare to your settings.

Open Cognos configuration for BI, hit CTRL-F3, and the properties menu will come up. Click on the installed components tab and compare the numbers listed to the chart.

IBM Security Certificates

Cognos TM1

Cognos TM1 is very similar.  We suggest using this IBM support link to determine the version you are currently using.

Open Cognos configuration for TM1, hit CTRL-F3, and the properties menu will come up. Click on the installed components tab and compare the numbers listed with PLANANALYTICS to the chart.

IBM Security Certificates

Cognos Express

Finally, for determining Cognos Express, open Cognos configuration for Cognos Express, hit CTRL-F3, and the properties menu will come up. Click on the installed components tab and compare the numbers listed with the charts above for BI and TM1. While there is not a specific chart for Cognos Express, the numbers should correlate.

Furthermore, as a general rule for Cognos BI, TM1 or Express, we recommend you being on the most recent fix pack for the version you are running. Ideally, you want to be on the latest version and latest fix packs. For Cognos BI, TM1 and Express, that should be 10.2.2 unless you have upgraded to IBM Cognos Analytics (Cognos 11). The current version of Cognos 11 is 11.0.3 with release 4 coming soon.  Additional fix pack information can be found by visiting the following IBM Fix Central link.

Additional Fix Pack Information

There are also a few other things you can do besides making sure you are on the latest fix packs:

  1. Disable SSL in TM1s.cfg. This is not recommended because it will leave your traffic not protected by the SSL certificate.
  2. Generate your own IBM security certificate and then apply it.
  3. If you are using TM1 10.2.2, upgrade to a 2048 bit SSL as discussed on this IBM Support FAQ link.

Should you need assistance working through these instructions or any other questions regarding IBM security certificates, call Lodestar Solutions at 813-254-2040. If necessary, we will involve one of our technical consultants. We can also install the fix packs to ensure that your systems are up to date with the latest enhancements and updates!

UPDATE – IBM has announced the update fix for this issue (including some enhancements) will be release end of October or early November 2016.

Leave a Comment

Send this to a friend