Steps to regenerate cryptographic keys
Question
What are the steps to regenerate cryptographic keys ?
Answer
1. Open Cognos Configuration. From the File menu, click Export As and save the configuration information in a decrypted format. When naming the file, use a name such as "decrypted.xml". You are prompted to acknowledge that the export is an unsecure operation depending on the version of Cognos being used. Move decrypted.xml to c8_location/configuration directory.
2. Stop the IBM Cognos 8 service:
- If you use Tomcat, stop the IBM Cognos 8 service and close IBM Cognos Configuration.
- If you use an application server other than Tomcat, shut down IBM Cognos 8 in your environment.
3. Back up any existing cryptographic keys by saving the appropriate files and directories to an
alternate location.
The files are
- c8_location/configuration/cogstartup.xml
- c8_location/configuration/caSerial
- c8_location/configuration/cogconfig.prefs
- c8_location/configuration/coglocale.xml
The directories are
- c8_location/configuration/csk
- c8_location/configuration/encryptkeypair
- c8_location/configuration/signkeypair
4. Delete the cogstartup.xml, caSerial, cogconfig.prefs and coglocale.xml files and the three directories: csk, encryptkeypair, and signkeypair whose path are mentioned above.
5. Rename the file "decrypted.xml" to cogstartup.xml.
Important: In the c8_location/configuration directory, the file must use the name "cogstartup.xml".
6. Open Cognos Configuration and Click on save icon. This would re-generate the cryptographic keys. Sometime you may get a popup window while opening Cognos Configuration saying that the default configuration would be loaded, simply click on OK button and save the configuration settings by click on save icon.
7. Now you can start the cognos service without any issue.
The information in this cogstartup.xml file will be automatically re-encrypted using new cryptographic keys when you save the configuration in IBM Cognos Configuration.
Please make a note of the following if you are trying to regenerate cryptographic keys on distributed setup:-
a) You would need to perform the above steps first on the server on which Content manager is installed and running followed by the Stand by Content Manager(if applicable), application tier and then the gateway.
b) Once you have regenerated the keys on the server on which Content manager is installed, make sure that the Cognos Service on that system(Content Manager) is running before you proceed to perform the above steps on application tier and gateway.
c) While you try to regenerate cryptographic keys on gateway system make sure that you have Cognos service running on Application Tier as well. In other words Dispatcher and Content Manager service should be in running state while you try to regenerate cryptographic keys on gateway system or else you would end up getting error on gateway system.
What are the steps to regenerate cryptographic keys ?
Answer
1. Open Cognos Configuration. From the File menu, click Export As and save the configuration information in a decrypted format. When naming the file, use a name such as "decrypted.xml". You are prompted to acknowledge that the export is an unsecure operation depending on the version of Cognos being used. Move decrypted.xml to c8_location/configuration directory.
2. Stop the IBM Cognos 8 service:
- If you use Tomcat, stop the IBM Cognos 8 service and close IBM Cognos Configuration.
- If you use an application server other than Tomcat, shut down IBM Cognos 8 in your environment.
3. Back up any existing cryptographic keys by saving the appropriate files and directories to an
alternate location.
The files are
- c8_location/configuration/cogstartup.xml
- c8_location/configuration/caSerial
- c8_location/configuration/cogconfig.prefs
- c8_location/configuration/coglocale.xml
The directories are
- c8_location/configuration/csk
- c8_location/configuration/encryptkeypair
- c8_location/configuration/signkeypair
4. Delete the cogstartup.xml, caSerial, cogconfig.prefs and coglocale.xml files and the three directories: csk, encryptkeypair, and signkeypair whose path are mentioned above.
5. Rename the file "decrypted.xml" to cogstartup.xml.
Important: In the c8_location/configuration directory, the file must use the name "cogstartup.xml".
6. Open Cognos Configuration and Click on save icon. This would re-generate the cryptographic keys. Sometime you may get a popup window while opening Cognos Configuration saying that the default configuration would be loaded, simply click on OK button and save the configuration settings by click on save icon.
7. Now you can start the cognos service without any issue.
The information in this cogstartup.xml file will be automatically re-encrypted using new cryptographic keys when you save the configuration in IBM Cognos Configuration.
Please make a note of the following if you are trying to regenerate cryptographic keys on distributed setup:-
a) You would need to perform the above steps first on the server on which Content manager is installed and running followed by the Stand by Content Manager(if applicable), application tier and then the gateway.
b) Once you have regenerated the keys on the server on which Content manager is installed, make sure that the Cognos Service on that system(Content Manager) is running before you proceed to perform the above steps on application tier and gateway.
c) While you try to regenerate cryptographic keys on gateway system make sure that you have Cognos service running on Application Tier as well. In other words Dispatcher and Content Manager service should be in running state while you try to regenerate cryptographic keys on gateway system or else you would end up getting error on gateway system.
Comments
Post a Comment