Perform the following procedure on each Teradata Vantage node.
- Obtain a certificate and key in PEM format, according to your site security policy.
- Create a directory called site/ssl/cacerts in the:
- TDGSS site directory on database nodes.
- From within the directory you created in the previous step, create an empty file named clientkey.pem, using the following commands:
touch clientkey.pem chmod 0600 clientkey.pem
- Place the key in this file using a text editor or the Posix cat command.
- Secure the clientkey.pem file to be read-write for the file owner.
The resulting clientkey.pem file looks similar to:
-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQDRBPoI/fdAoezFRaqN63IdYW1Laucs+akMr+0qP47kKu/SkyUh d6u1EfLryzBIEubTD//GJXLDBCS4DbCx7xDzSVCUFQmR+X16241kKsyqO6wvd+9J pCWk6ktksV0gK437HG4YKo4q4BHIjl3VSRZxDqv2GU8IYfFesqWAdFhEhwIDAQAB AoGAIw0AmO1tvwroV5R9K1tmQYMK/vCoX6RmMth1nvYVkjGZEejW+yvEQZMG93+V UyDIUHCIZcP14LobJjo1fUEnyDag37P7FE9JDXr7I3QRNA0keR+w0egNpMcQMiDE Bgj7UCycCxuzOFX1UuvcnCMJH7QfBLb3p01BgK6W2ENfxLECQQD5PMSfs+ogS7Bb fcHlthBJA3576PyBeBURrcz/O3lmUTKz0vAzXBPWTxNCV/tLn1HUvEYuiZ2pyun3 0zjcr2UFAkEA1rDZpCMZ4woUkvYX+BwkffG8HXnZNGROd4zu1tbQEgeBjOSVx299 s/FSxEgtMRSGv6vPwDMCQFyy+teDJ7Im8isJTDNbF19HTv+qzYdRDmRPUEZqPB4W 7FMz/PlpoOmeGj1gTID5Hfjw7kPvHfi5GwJBAO83aik2j8LLostNmqsV4e+SUPYx GxpQ3TgIrrdSqCSSTq3WCgHhoJCTeRK2S1W75tjelCXao97yCTp6GxuFpNkCQDLv wKNlxJWOZbU8eBFgs/PBr80ahMMebVOF94C3dKRibYU9EqA/vpOcZgBGOJ557w3w 66sz2d5P4q71EBDcWE05DsFE9fqwAR5xcoWqGPYiuh0= -----END RSA PRIVATE KEY-----
- Use the following commands to prevent unauthorized persons from obtaining the key. OpenSSL does not accept a key in a globally readable file.
chmod 0400 clientkey.pem chown gtw-user clientkey.pem
Substitute the user name of the Vantage gateway user for gtw-user.