17.10 - Example: Create Signed Certificates and Private Keys on All Nodes Using ZIP Archives - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)
  1. Generate CSRs:
    # tlsutil -c -z mydb.example.com

    Your result will be similar to the following:

    CSRs have been generated for all nodes (4 generated):
       /opt/teradata/tdat/tgtw/site/tls/tmpdir/newcsrs/gtwcsr.mydb1.csr
       /opt/teradata/tdat/tgtw/site/tls/tmpdir/newcsrs/gtwcsr.mydb2.csr
       /opt/teradata/tdat/tgtw/site/tls/tmpdir/newcsrs/gtwcsr.mydb3.csr
       /opt/teradata/tdat/tgtw/site/tls/tmpdir/newcsrs/gtwcsr.mydb4.csr
    CSRs have been archived in:
       /opt/teradata/tdat/tgtw/site/tls/tmpdir/zipfiles/all_csrs.tgz
  2. The customer signs the certificates using a customer-defined process.
  3. Obtain the signed certificates. Run "tar" to archive them and place the archive here: /opt/teradata/tdat/tgtw/site/tls/tmpdir/zipfiles/all_certs.tgz
  4. Install the signed certificates and private keys:
    # tlsutil -i -z

    Result:

    Signed certificate and private key installed on 4 node(s).
  5. Remove the temporary files created from previous steps on each node.
    # tlsutil -r
  6. Optional. Test that the certificates are valid:
    # tlsutil -t