Configuring Cognos 11 for Smart Card and certificate login

You must modify the OnCommand Insight Data Warehouse configuration to support Smart Card (CAC) and certificate logins for the Cognos server.

Before you begin

This procedure is for systems running OnCommnand Insight 7.3.3 and later.

About this task

Use the following steps to add certificate authorities (CAs) to the Cognos trust store.


  1. In a command window, go to ..\SANscreen\cognos\analytics\configuration\certs\
  2. Use the keytool utility to list the trusted CAs: ..\..\jre\bin\keytool.exe -list -keystore CAMKeystore.jks -storepass NoPassWordSet
    The first word in each line indicates the CA alias.
  3. If necessary, the customer should be able to supply a CA certificate file. Usually a .pem file.
  4. To include customer's CAs with OCI DWH's trusted CA's, go to ..\SANscreen\cognos\analytics\configuration\certs\ and use the keytool import command: ..\..\jre\bin\keytool.exe -importcert -keystore CAMKeystore.jks -alias my_alias -file 'path/to/my.pem' -v -trustcacerts
    my_alias must be a reasonable alias that identifies the CA with the keytool -list operation
  5. When prompted for a password, enter NoPassWordSet, the default password.
  6. Answer yes when prompted to trust the certificate.
  7. To enable CAC mode, execute ..\SANscreen\bin\cognos_cac\enableCognosCAC.bat script
  8. To disable CAC mode, execute ..\SANscreen\bin\cognos_cac\disableCognosCAC.bat script