17.10 - Example: Update Only Invalid Signed Certificates - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

Use the tlsutil -u option to create signed certificates on a subset of database servers. This option is used with the -c option only.

When used with the -c option, update mode checks the signed certificates and private keys on all database servers and creates CSRs only for those that do not have a valid certificate and key.

Update mode used with -c reports that all certificates are valid if none fail the validity test. In that case, no further action is required.

For example, as root, run the following commands to update invalid signed certificates:

  1. Generate CSRs:
    # tlsutil -c -u mydb.example.com

    Result: If all certificates are valid, no further action is required.

  2. If some certificates are invalid, sign the certificates using a customer-defined process.
  3. Install the signed certificates and private keys:
    # tlsutil -i