TLS Certificate Stores|verify-ca|verify-full - TLS Certificate Stores - Call-Level Interface Version 2

Teradata® Call-Level Interface Version 2 Reference for Workstation-Attached Systems - 20.00

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
Lake
VMware
Product
Call-Level Interface Version 2
Release Number
20.00
Published
January 2024
Language
English (United States)
Last Update
2024-05-14
dita:mapPath
bmn1691484839905.ditamap
dita:ditavalPath
obe1474387269547.ditaval
dita:id
fvz1470444150352
Product Category
Teradata Tools and Utilities

To ensure that the CLI SSLMODE values, verify-ca and verify-full establish a successful connection to a server, the server’s root certificate and any other intermediate certificates must be imported to the operating system’s trusted certificate stores.

Linux/UNIX

For the supported procedure to install CA certificates into the operating system’s trusted certificate stores, see the operating system’s administration guide or security guide. To find and load trusted CA certificates, CLI uses the default operating system locations. Following is a list of the default locations used by CLI for each platform:

Operating System Trusted Certificate Stores Used by CLI
AIX /var/ssl/certs
RHEL, CentOS, Oracle Linux /etc/pki/tls/cert.pem
SLES 11, 12, 15 /etc/ssl/certs
Ubuntu /etc/ssl/certs
Use the operating system’s documented procedure to install the trusted CA certificates.

Windows

For the supported procedure to install CA certificates into the operating system’s trusted certificate stores, refer to the Windows administration or security guides.

For reference, CLI loads trusted CA certificates from the following stores:

Trusted Root Certification Authorities

Intermediate Certification Authorities

Mac OS X

For the supported procedure to install CA certificates into the operating system’s trusted certificate stores, refer to the Mac OS X administration or security guides.

For reference, CLI loads trusted CA certificates from the System Keychain store.

Custom CA Certificate Store

When a user needs to use a custom trusted certificate store, CLI provides two parameters, namely, SSLCA and SSLCAPATH, to specify the path to the store.