| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148 |
- <?xml version="1.0" encoding="UTF-8"?>
- <!--
- Licensed Materials - Property of IBM
- IBM Cognos Products: cclmcf
- (C) Copyright IBM Corp. 2009, 2013
- US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
- ===============================================================================================
- Configuration samples for CRYPTO.
- ===============================================================================================
- -->
- <crn:parameters xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:crn="http://developer.cognos.com/schemas/crconfig/1/" xsi:schemaLocation="http://developer.cognos.com/schemas/crconfig/1/ cogstartup.xsd" version="175.0">
- <crn:parameter name="CRYPTO" opaque="true">
- <crn:value>
- <crn:instances name="cryptoProvider">
- <!--
- ===============================================================================
- (Begin of) CognosCrypto template
- -->
- <crn:instance name="CognosCrypto Name" class="CognosCrypto">
- <!-- certificateLocation: Specifies the location of trusted certificates. -->
- <crn:parameter name="certificateLocation">
- <crn:value xsi:type="cfg:folderPath">../configuration/certs</crn:value>
- </crn:parameter>
- <!-- cognosCryptoConfidentialityAlgorithm: Specify the confidentiality algorithm. -->
- <!-- Use this property to specify the encryption algorithm when transmitting
- information. -->
- <crn:parameter name="cognosCryptoConfidentialityAlgorithm">
- <crn:value xsi:type="xsd:string">AES</crn:value>
- </crn:parameter>
- <!-- cognosPDFConfidentialityAlgorithm: Specify the PDF confidentiality algorithm. -->
- <!-- Use this property to specify the encryption algorithm when encrypting PDF
- data. -->
- <crn:parameter name="cognosPDFConfidentialityAlgorithm">
- <crn:value xsi:type="xsd:string">AES</crn:value>
- </crn:parameter>
- <!-- cognosCryptoCiphersuite: Specifies a list of supported ciphersuites in
- priority sequence. -->
- <!-- Use this property to specify what ciphersuites are acceptable in this install.
- The selected ciphersuites are then presented to the SSL negotiation in priority
- sequence for both client and server sides of the negotiation. At least one of
- the selected ciphersuites between configured client and server platforms must
- match. -->
- <crn:parameter name="cognosCryptoCiphersuite">
- <crn:value xsi:type="cfg:sortedArray">
- </crn:value>
- </crn:parameter>
- <!-- keystoreFilePassword: Specifies the password used to protect the key store. -->
- <!-- This password is required to secure the IBM Cognos keystore. It provides an
- extra layer of security by encrypting the keystore file using a password. -->
- <crn:parameter name="keystoreFilePassword">
- <crn:value xsi:type="cfg:systemPassword">NoPassWordSet</crn:value>
- </crn:parameter>
- <!-- serverCommonName: Specifies the common name (CN) portion of the distinguished
- name (DN) for this computer. -->
- <!-- An example of a common name is the host name of the computer. -->
- <crn:parameter name="serverCommonName">
- <crn:value xsi:type="xsd:string">CAMUSER</crn:value>
- </crn:parameter>
- <!-- distinguishedNameOrganization: Specifies the organization name (O) used in the
- distinguished name (DN). -->
- <!-- An example of an organization is MyCompany. -->
- <crn:parameter name="distinguishedNameOrganization">
- <crn:value xsi:type="xsd:string">Cognos</crn:value>
- </crn:parameter>
- <!-- distinguishedNameCountry: Specifies the two-letter country or region code used
- in the distinguished name (DN). -->
- <!-- For example, the code for Japan is JP. -->
- <crn:parameter name="distinguishedNameCountry">
- <crn:value xsi:type="xsd:string">CA</crn:value>
- </crn:parameter>
- <!-- thirdPartyCA: Specifies whether to use an external Certificate Authority. -->
- <!-- If this value is set to true, the IBM Cognos Certificate Authority service is
- not used. A third party Certificate Authority will manually process certificate
- requests. -->
- <crn:parameter name="thirdPartyCA">
- <crn:value xsi:type="xsd:boolean">false</crn:value>
- </crn:parameter>
- <!-- certificateAuthorityServiceCommonName: Specifies the common name (CN) portion
- of the distinguished name (DN) for the Certificate Authority service computer. -->
- <!-- An example of a common name is the host name of the computer. Do not use
- localhost. -->
- <crn:parameter name="certificateAuthorityServiceCommonName">
- <crn:value xsi:type="xsd:string">CA</crn:value>
- </crn:parameter>
- <!-- certificateAuthorityServicePassword: Specifies the password used to validate
- certificate requests sent to the Certificate Authority service. -->
- <!-- This property must be the same for clients using the Certificate Authority and
- the Certificate Authority service itself. For example, the password you specify
- for IBM Cognos installations that do not have Content Manager must match the
- password you specify for the installation that has Content Manager. The
- Certificate Authority service is installed with the Content Manager. By
- default, this password is immediately encrypted when you save your
- configuration. -->
- <crn:parameter name="certificateAuthorityServicePassword">
- <crn:value xsi:type="cfg:systemPassword" encrypted="false"/>
- </crn:parameter>
- <!-- certificateAuthorityServiceCertificateLifetime: Specifies the maximum number
- of days that a certificate signed by the Certificate Authority service is
- valid. -->
- <!-- The validity period that you set for certificates depends on a number of
- factors, such as the strength of the private key used to sign the certificate. -->
- <!-- Units: day -->
- <crn:parameter name="certificateAuthorityServiceCertificateLifetime">
- <crn:value xsi:type="xsd:long">730</crn:value>
- </crn:parameter>
- <!-- sanDNSName: A space-separated list of DNS names that are added to the Subject
- Alternative Name extension in the server certificate. At least one DNS name
- should be added to the certificate. The name should match the fully qualified
- host name that is used to connect to the server. -->
- <!-- Specifies the DNS names that are added to the Subject Alternative Name
- extensions in the server certificate. -->
- <crn:parameter name="sanDNSName">
- <crn:value xsi:type="xsd:string">
- </crn:value>
- </crn:parameter>
- <!-- sanIPAddress: A space-separated list of IP addresses that will be added to the
- Subject Alternative Name extension in the server certificate. This property is
- only required if clients will be connecting to this server using an IP address.
- Otherwise, it can be left empty. -->
- <!-- Specifies the IP addresses that are added to the Subject Alternative Name
- extensions in the server certificate. -->
- <crn:parameter name="sanIPAddress">
- <crn:value xsi:type="xsd:string">
- </crn:value>
- </crn:parameter>
- <!-- sanEmail: A space-separated list of e-mail addresses that are added to the
- Subject Alternative Name extension in the server certificate. If no e-mail
- addresses are required, this property can be left empty. -->
- <!-- Specifies the e-mail addresses that are added to the Subject Alternative Name
- extensions in the server certificate. -->
- <crn:parameter name="sanEmail">
- <crn:value xsi:type="xsd:string">
- </crn:value>
- </crn:parameter>
- </crn:instance>
- <!--
- (End of) CognosCrypto template
- ===============================================================================
- -->
- </crn:instances>
- </crn:value>
- </crn:parameter>
- </crn:parameters>
|
