17.10 - Obtain the Needed Certificate - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

Typically, a certificate can be acquired from the site security administrator. For systems running Linux, with openssl installed, some or all of these certificates can be found in the /etc/site/ssl/certs directory. Do the following to obtain a certificate.

  1. Go to the directory where certificates are stored, for example: /etc/site/ssl/certs.
  2. List the files. The files look similar to:
    dlopldap:~ # cd /etc/ssl/certs
    dlopldap:/etc/ssl/certs # ls
    1e49180d.0  7a9820c1.0         a3c60019.0  demo        thawteCb.pem
    2edf7016.0  843b6c51.0         aad3d04d.0  eng1.pem    thawteCp.pem
    56e607f4.0  878cf4c6.0         argena.pem  eng2.pem    vsign1.pem
    594f1775.0  Equifax-root1.pem  argeng.pem  eng3.pem    vsign3.pem
    6adf0799.0  ICP-Brasil.pem     c33a80d4.0  eng4.pem    vsignss.pem
    6f5d9899.0  RegTP-5R.pem       cdd7aee7.0  eng5.pem    webgo.pem
    714aceac.0  RegTP-6R.pem       d4e39186.0  expired
    7651b327.0  YaST-CA.pem        ddc328ff.0  f73e89fd.0
    dlopldap:/etc/ssl/certs # openssl x509 -inform pem -in vsign3.pem –subject
    subject=  /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority-----BEGIN CERTIFICATE----
    MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
    A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
    cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
    MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
    BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
    YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
    ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
    BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
    I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
    CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
    lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
    AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
    -----END CERTIFICATE-----
    dlopldap:/etc/ssl/certs #
    The files that end in a non-numeric suffix are certificate files. On this system, all certificates are stored in PEM format.
  3. Use the openssl x509 command, with a -subject option, to examine the subject of each certificate. Run the openssl x509 -subject common to each of the .pem files until it finds a file containing a certificate with a subject that matches the missing certificate.

    The subject shown in bold text in the example (subject= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority) matches the subject of the missing certificate identified in the search shown in Using openssl to Identify the Certificates Not Verified.