Hi Brian
Many thanks for that link.
http://www-01.ibm.com/support/docview.w ... wg21990869
A link from that
http://www-01.ibm.com/support/docview.w ... wg21990588
Does at least confirm that there will be a third option, of installing "
updated default/applixca certificates".
Which is certainly our preferred option. It gives instructions for updating the certificates.
The Technote does seem to imply that the v2 Certs are only going to work to 10.2+. I had thought that IBM were going to be releasing a patch for 10.1 to allow it to use the v2 certs but that doesn't appear to be the case.
My client is still on 10.1 and cannot upgrade to 10.2 because the consultancy that implemented the system designed it with BI Reports launching TM1 Web sheets, passing parameters via the URL API. This means that we have several hundred reports to update in order cater for in my view, the largely unnecessary changes to the URL API when IBM moved from .Net based TM1 Web to Java based TM1 Web. I will probably have to write a program to parse the XML in the BI reports to do this.
Anyway, the only option for us, certainly by 24th Nov, is to stay on 10.1 and apply the updated certificates. Unfortunately the tech note does not say when they will be released. When they are, I will certainly be advancing the server and client clocks in one of our non-prod environments to check that they work before the 24th Nov.
I spoke to our IBM Account Manager on Monday, but I have heard nothing further from him, nor from the PMR that we raised. Thank god (or should that be InfoCat?) for this forum.
I have another client who is still on 9.5. They are intending to upgrade to 10.2 but they wanted to get an upgrade to their general ledger finished first. I know that IBM won't confirm it, as 9.5 is no longer supported, however, it seems likely that the new certificates with the extended expiry dates will work on earlier versions. The instructions refer to downloading an Updater. However, that just seems to be something like a self-extracting zip file that creates folders with the new certificates. After that it seems to be a matter of using standard tools that were already there in 9.5 to install the certificates:
importsslcert.exe
It also refers to an uninstallSSL.bat file which isn't there in 9.5, but when I looked at this on 10.2, all it does is
importsslcert.exe -remove
so there isn't really a need for the bat file.
Regards
Paul Simon