You must create self-signed keys and set up certificates for your SSL environment.
-
Use the ssl_setup_cert_wrapper.sh script to create self-signed keys and certificates in the ActiveMQ directory.
The script is located on the DSC server in the $DSA_DSC_ROOT directory.
Script usage is ssl_setup_cert_wrapper.sh [-h] [-C] [-a activemq_dir], where:
Option Description -h Displays help information. -C Cleans up the configuration files in the specified ActiveMQ directory. -a Specifies the directory where ActiveMQ is installed. -
Type the following at the prompts:
ActiveMQ restarts after certificates are created.Option Description Directory Full path to ActiveMQ directory /opt/teradata/tdactivemq/apache-activemq-5.6.0
ActiveMQ Broker URL Host name of the ActiveMQ broker Organizational Unit Used to generate a unique key Organization Used to generate a unique key City Used to generate a unique key State Used to generate a unique key Country Used to generate a unique key Keystore Password Keystore password for both broker and client keystores. Certificates are created in: /opt/teradata/tdactivemq/apache-activemq-5.6.0/conf -
Copy files client.pem and client-keystore.pem and preserve file permissions
as follows:
- For all Teradata Database systems and TPA nodes in the DSA environment, type: #cp -p <file_name> /etc/opt/teradata/tdconfig
- For DSA media servers (anywhere ClientHandler is installed), type: #cp -p <file_name> /etc/opt/teradata/dsa/
-
Copy client.ts to the systems where DSC or BARCmdline are installed and preserve file permissions by typing:
#cp -p <file_name> /etc/opt/teradata/dsa
Certificates are valid for 20 years.
-
Enable JMS SSL on the BAR portlets by installing the client.pem certificate on the Viewpoint portlet:
Make sure the client.pem certificate is accessible on your computer.
- From the Teradata Viewpoint portal page, click .
- Open the Certificates portlet.
- From the SETUP list, click Certificate Authority.
- Click Install Certificate.
- Enter an alias for the Certificate Authority, up to 30 characters.
- Click Browse and select the client.pem certificate.
- Click Install.
-
Run the BAR portlet SSL script on the Viewpoint server:
BARPortlets.15.11.00.00/barportlets_ssl_setup.sh ssl
The script is included with the BAR portlet package.
- If the SSL port is different from the TCP port, update the broker.port property in the following properties files: barportlet.properties
- Restart the Viewpoint portlet.