PrerequisiteTo prevent connection failure, you must follow the steps in Installing Teradata ActiveMQ and Configuring ActiveMQ for SSL or TCP before setting up the self-signed keys and certificates.
You must create self-signed keys and set up certificates for your SSL environment.
- Use the ssl_setup_cert_wrapper.sh script to create self-signed keys and certificates in the ActiveMQ directory.The script is located on the DSC server in the $DSA_DSC_ROOT directory.
Script usage is ssl_setup_cert_wrapper.sh [-h] [-C] [-a activemq_dir], where:
Option Description -h Displays help information. -C Cleans up the configuration files in the specified ActiveMQ directory. -a Specifies the directory where ActiveMQ is installed. - Copy files client.pem and client-keystore.pem and preserve file permissions
as follows:
- Go to: /opt/teradata/tdactivemq/apache-activemq-5.xx.xx/conf
- For all Teradata systems and TPA nodes in the DSA environment, type:#cp -p <file_name> /etc/opt/teradata/tdconfig#chown teradata /etc/opt/teradata/tdconfig/<file_name>#chmod 600 /etc/opt/teradata/tdconfig/<file_name>
- For DSA media servers (anywhere ClientHandler is installed), type:#cp -p <file_name> /etc/opt/teradata/dsa/#chown dscuser /etc/opt/teradata/dsa/<file_name>#chmod 600 /etc/opt/teradata/dsa/<file_name>
- Copy client.ts to the systems where DSC or BARCmdline are installed and preserve file permissions by typing:#cp -p <file_name> /etc/opt/teradata/dsaCertificates are valid for 20 years.
- Enable JMS SSL on the BAR portlets by installing the client.pem certificate on the Viewpoint portal:
- From the Teradata Viewpoint portal, click
.
- Open the Certificates portlet.
- From the Setup list, click Certificate Authority.
- Click Install Certificate.
- Enter an alias for the Certificate Authority, up to 30 characters.
- Click Browse and select the client.pem certificate.Important: Copy client.pem from /etc/opt/teradata/dsa.
- Click Install.
- Restart Viewpoint./etc/init.d/viewpoint restart
- From the Teradata Viewpoint portal, click
- When you add the DSC using the BAR Setup portlet (see Enabling or Adding a DSC Server), select SSL as the Broker Connectivity and add the Broker Port.