when you configure Cognos components.For all installations, before you use Web pages generated by Cognos 8, you must configure your Web server. You must set up virtual directories, also known as Web aliases, for the directories that contain the HTML and Web files for Cognos 8. For Cognos 8 for reporting, you must also set the content expiry for the images directory in your Web server so that the Web browser does not check image status after the first access.
You must set up virtual directories, also known as Web aliases, for your Cognos 8 environment. The virtual directories must be created to connect to the Cognos 8 portal and for client applications to be able to connect to the server.
On UNIX and Linux, the account under which the Web server runs must have read access to the cogstartup.xml file in the c8_location/configuration directory. By default the cogstartup.xml file has read permission for others. If you run your Web server under a specific group, you can change the cogstartup.xml file permissions to ensure that it belongs to the same group as the Web server. You can then remove the read permission for others.
Create the following virtual directories:
Alias | Location | Permission |
cognos8 | c8_location/webcontent | Read |
cognos8/cgi-bin | c8_location/cgi-bin | Execute |
You can use a name other than cognos8 in the aliases. However, you must use cgi-bin as the second part of the alias and you must change the virtual directory in the Gateway URI property to match the new Cognos alias. For more information, see Change a URI.
If you are upgrading from ReportNet, you can continue to use the existing aliases. If you install Cognos 8 reporting components in a different location from ReportNet, change the existing aliases to include the new location. If you have more than one version of ReportNet on one computer, you must use different alias names for Cognos 8.
For Apache Web Server, ensure that you define the cognos8/cgi-bin alias before the cognos8 alias in the httpd.conf file located in the Apache_installation/conf directory. The cognos8/cgi-bin alias must be defined as a ScriptAlias.
If you want to use Report Studio’s image browser, enable Web Distributed Authoring and Versioning (WebDAV) on your Web server.
If you use Apache Web Server, specify a directory in which to enable WebDAV. For information about configuring WebDAV, see your Web server documentation.
For Cognos 8 for reporting, set the content expiry on the c8_location/pat/images virtual directory in your Web server.
Each time a user opens Report Studio, their Web browser checks with the Web server to determine if images are current. Because there are over 600 images, this can result in excess network traffic. You can postpone this check until a specified date by using the content expiry feature of the Web server.
For information on setting content expiry, see the documentation for your Web server.
Note: When you upgrade, Report Studio users must clear their Web browser cache to get the latest images.
If you use Web aliases other than
cognos8, or your Web server is on another computer, or you are using
Microsoft Internet Application Interface (ISAPI), apache_mod or
a servlet gateway, change the Gateway URI when you configure Cognos components.
Enable secure sockets layer (SSL) to encrypt a user’s communication with the Web server.
To enable SSL on your Web server, you must obtain a Web server certificate signed by a Certificate Authority and install it into your Web server. The certificate must not be self-signed, because self-signed certificates will not be trusted by Cognos components.
To enable Cognos components to use an SSL-enabled Web server, you must have copies of the trusted root certificate (the certificate of the root Certificate Authority which signed the Web server certificate) and all other certificates which make up the chain of trust for the Web server’s certificate. These certificates must be in Base64 encoded in ASCII (PEM) or DER format, and must not be self-signed. The certificates must be installed on every computer where you have installed Application Tier Components.
For more information about installing certificates into your Web server, see your Web server documentation.
Configure the Web server for SSL and start the Web server.
For more information, see your Web server documentation
On each Application Tier Components computer that points to the gateway on the Web server, in Cognos Configuration, change the gateway URI from HTTP to HTTPS, and save the configuration.
Important: Do not start the Cognos 8 service yet.
On each Planning Server computer that points to the gateway, in Cognos Configuration, change the gateway URI from HTTP to HTTPS, and save the configuration.
Important: Do not start the Cognos 8 service yet.
On each Application Tier Components computer, go to the c8_location/bin directory and import all of the certificates that make up the chain of trust, in order starting with the root CA certificate, into the Cognos trust store.
Import the certificates by typing the following command:
On UNIX or LINUX, type
ThirdPartyCertificateTool.sh -T -i -r certificate_fileName -D ../configuration/signkeypair -p password
On Windows, type
ThirdPartyCertificateTool.bat -T -i -r certificate_fileName -D ../configuration/signkeypair -p password
Note: The password should have already been set. If not, the default password is NoPassWordSet.
On each Planning Server computer, go to the c8_location/bin directory and import all of the certificates that make up the chain of trust, in order starting with the root CA certificate, into the Cognos trust store.
Import the certificates by typing the following command:
ThirdPartyCertificateTool.bat -T -i -r certificate_fileName -D ../configuration/signkeypair -p password
Note: The password should have already been set. If not, the default password is NoPassWordSet.
On each Application Tier Components computer, in Cognos Configuration, start the Cognos 8 service.
On each Planning Server computer, in Cognos Configuration, start the Cognos 8 service.
You can verify trust, by creating and running a PDF report that contains pictures that are not stored locally but which the gateway gets from a remote computer. If the pictures appear, trust is established.
To avoid being prompted by a security alert for each new session, install the certificate into one of your Web browser’s certificate stores.
In addition, you may want to set up SSL connections between Cognos components and other servers. You must ensure that SSL is set up for the other servers and then you must set up a shared trust between Cognos components and the other servers. For more information, see Configuring the SSL Protocol.
