Postman SSL Cert

Paul-TM1
Posts: 126
Joined: Tue Jun 13, 2017 3:20 pm
OLAP Product: TM1
Version: 10.2.2
Excel Version: 2010

Postman SSL Cert

Post by Paul-TM1 »

Hi all,
I am trying the REST API and was able to get it working by disabling "SSL certificate verification."

To enable "SSL certificate verification", we have to import the SSL cert, and I am looking for those steps.
In the link "https://www.ibm.com/support/pages/node/6620979" point 5, "import the certificate that is used by TM1 Server" is what is to be done. What and where is the SSL cert in the server? Is it the "D:\Program Files\ibm\cognos\tm1_64\bin64\ssl" folder?

Can someone let me know the steps - as to where the cert is, how a cer and a key file should be loaded into Postman, and what the URL should be? Also, how do we automate?

Our PA2 version is 2.0.9.5.

Thanks,
Paul.
burnstripe
Regular Participant
Posts: 198
Joined: Wed May 06, 2020 2:58 pm
OLAP Product: Planning Analytics
Version: 2.0.9
Excel Version: 2016

Re: Postman SSL Cert

Post by burnstripe »

This is how to import the certificate into Postman
https://learning.postman.com/docs/sendi ... tificates/

And here's a way to get that certificate
https://www.ibm.com/support/pages/how-o ... ertificate

If your TM1 is just using the default SSL cert, it does reside in the SSL folder you mention. The file is called ibmtm1.arm; this includes the base64-encoded cert and a public key.
Paul-TM1
Posts: 126
Joined: Tue Jun 13, 2017 3:20 pm
OLAP Product: TM1
Version: 10.2.2
Excel Version: 2010

Re: Postman SSL Cert

Post by Paul-TM1 »

Thanks Burnstripe for the reply.
We are using the default SSL cert, so I used the "ibmtm1.arm" like you said, actually renamed it to .pem, and get this error:
SSL Error: Hostname/IP does not match certificate's altnames
What should be my next steps?

Renaming was an idea from this link.
https://serverfault.com/questions/18859 ... em-format

Thanks,
Paul.
burnstripe
Regular Participant
Posts: 198
Joined: Wed May 06, 2020 2:58 pm
OLAP Product: Planning Analytics
Version: 2.0.9
Excel Version: 2016

Re: Postman SSL Cert

Post by burnstripe »

Are you able to import it without converting to a pem? Or does Postman require that specific format... I may have to do some testing on this myself to see if I can be of further assistance.

My guess is the private key is being lost when you rename the file from .arm to .pem.
Have you looked into ikeyman to extract it in pem? It might be an option.
Paul-TM1
Posts: 126
Joined: Tue Jun 13, 2017 3:20 pm
OLAP Product: TM1
Version: 10.2.2
Excel Version: 2010

Re: Postman SSL Cert

Post by Paul-TM1 »

Hi Burnstripe,
I tried to extract the TM1 cert (ibmtm1.arm) that we loaded into the Cognos key store and it gave a .arm file and not a cer file with key. Can you please try on your side once? I am stuck here.

Thanks,
Paul.
burnstripe
Regular Participant
Posts: 198
Joined: Wed May 06, 2020 2:58 pm
OLAP Product: Planning Analytics
Version: 2.0.9
Excel Version: 2016

Re: Postman SSL Cert

Post by burnstripe »

Hi Paul,

In order for Postman to work with SSL certificate verification enabled, you would need to have your adminhost configured for SSL, aka the rest api address http://localhost:52670/api/v1/$metadata would need to be using https.

If it's not, then the setting "SSL certificate verification" must be disabled.

If the rest api address is accessible through https e.g. https://localhost:52670/api/v1/$metadata then you can get a copy of the certificate by navigating to the address in a browser through chrome/edge etc...

To extract using chrome for example, put the rest api address in, and on the padlock next to the address bar, click into this, select certificate is secure, and then certificate is valid. In the popup go to details, select export and you can call it .crt.

Then go into Postman, Settings, Certificates and where it says client certificates select add certificate. Enter host details and select the CRT file. Leave the passphrase blank and click add. That should be it... Note: I don't have a system to test this on.

You shouldn't need to use the ibmtm1.arm. Note: You may also need to install the certificate onto your machine for it to be trusted. To do this, find your crt file, right click and select install certificate.
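Added example, not part of any post in this thread: a Python sketch of the comparison behind the "Hostname/IP does not match certificate's altnames" error reported above, plus a request helper that keeps verification on when the call is automated. The names in `SAMPLE_CERT` and the `ca_file` argument are constructed assumptions; they are not the contents of the default TM1 certificate.

```python
import ipaddress
import ssl
import urllib.request

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# the names are placeholders, not the contents of any real TM1 certificate.
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "tm1server.example.com"),
        ("DNS", "*.pa.example.com"),
        ("IP Address", "10.0.0.5"),
    )
}

def host_matches(host, peercert):
    """True if `host` (as typed in the URL) is covered by the cert's altnames."""
    san = peercert.get("subjectAltName", ())
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        # An IP in the URL only matches an "IP Address" entry, never a DNS one.
        return any(k == "IP Address" and ipaddress.ip_address(v) == addr
                   for k, v in san)
    host = host.lower().rstrip(".")
    for kind, name in san:
        if kind != "DNS":
            continue
        name = name.lower()
        if name == host:
            return True
        # A wildcard covers exactly one left-most label.
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def open_verified(url, ca_file):
    """GET `url` with verification on, trusting only the PEM file `ca_file`."""
    ctx = ssl.create_default_context(cafile=ca_file)  # check_hostname stays True
    return urllib.request.urlopen(url, context=ctx)

if __name__ == "__main__":
    for h in ("localhost", "tm1server.example.com", "a.pa.example.com", "10.0.0.5"):
        print(h, host_matches(h, SAMPLE_CERT))
```

When `host_matches` is false for the name in the URL, the request has to use a name the certificate actually lists; importing the certificate as trusted does not change that comparison.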