- Generate a PKCS#12/PFX certificate that contains the following:
- Private key that was used to generate the certificate signing request
- Root certificate
- Intermediate certificate
- Server/public certificate
- Make sure the user syncuser has full access to the certificate.
- Teradata recommends using the .p12 extension for the PKCS#12/PFX certificate you generated.
- Verify all EM services (including emrest) are running normally before proceeding.
In a dual-mode environment, complete the steps on the primary and secondary EM TMS nodes.
Make a copy of the emrest.properties file:
cp /opt/teradata/emserver/conf/emrest.properties /opt/teradata/emserver/conf/emrest.properties.org
The user is prompted for the .p12 certificate path, certificate password, and alias specified while generating the .p12 certificate.
- Enter emrest@super when prompted for password for user emrestsuper.
- Select option 3.
- Enter the full path to the .p12 certificate.
- Enter the keystore password.
Use the same password when prompted for the .p12 certificate key password, if a different password is not present.
- Enter the .p12 certificate key password.
- Enter the alias. This is the alias given while generating the .p12 certificate.
This is not the import alias. If an alias was not specified while generating the .p12 certificate, enter a dummy value, such as test.
- Sample output is shown below.
syncuser@<SERVER>:/opt/teradata/emserver/bin> ./emrestconfig.sh Please enter password for user emrestsuper to proceed emrest@super The current keystore is /etc/opt/teradata/em/emrest.ts Please press 1) To add a trusted certificate. You will be asked to provide alias 2) To add a PKCS12 formatted certificate key chain. You will be asked to provide password. 3) To Associate a password protected keyStore that has PKCS12 formatted certificate key chain. You will be asked to provide keystore path, keyStore's password, key's password and key alias. 4) To set the configuration in HTTP mode only 5) To set the configuration in HTTP and HTTPS mode. This will require a certificate already configured with EM. 6) To set the configuration in HTTPS mode(with browser redirect). This will require a certificate already configured with EM 7) To exit from the utility 3 Enter full path to keyStore /tmp/cert.p12 Enter KeyStore's password test123 Enter key password test123 Enter alias test
If a dummy value was specified for alias, run the following command:
sed -i 's/^sslKeyAlias/#sslKeyAlias/' /opt/teradata/emserver/conf/emrest.properties
[Ecosystem Manager versions below 16.20.34.00] Open /opt/teradata/emserver/conf/emrest.properties and do the following:
- Comment the sslCiphers property.
Add the following property in the file:
- Save /opt/teradata/emserver/conf/emrest.properties.