Corrective Action - Analytics Database - Teradata Vantage

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-05-03
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
Product Category
Teradata Vantage
  1. Obtain the certificate from the directory with the openssl command:
    openssl s_client -connect server_name:port
    server_name
    The directory server DNS name.
    port
    The port where SSL listens.
  2. In the output from this command, find the line that begins with subject. This string should contain a CN attribute. The CN attribute value, a name, must resolve in DNS to the IP address of the directory server. The error message occurs because the name is either unresolved, or resolves to the wrong IP address. The error is related to either a DNS problem or a problem with the name in the server certificate.
  3. Check the following items to determine the problem and then fix it.
    1. If the LdapServerName property names the directory server explicitly, make sure the name in the property value matches the name in the subject for the directory server certificate. For example, if the subject CN attribute contains:
      dlopldap.td.example.com

      then make sure the LdapServerName property contains either the TLS specification:

      ldap://dlopldap.td.example.com/

      or the SSL specification:

      ldaps://dlopldap.td.example.com/
    2. Make sure that the name in the CN attribute is resolvable and returns the correct IP address. If it does not resolve or return the correct IP address, fix any errors and try again.
      If the name in the CN attribute cannot be resolved or resolves to the wrong IP address, and cannot be changed in DNS, you must install a new certificate on the directory server. See Checking the Directory Server Certificates.
      The CN attribute must meet these requirements:
      • The subject for the certificate must contain the DNS name (preferably, the fully qualified DNS name) that resolves to the IP address where the server is listening.
      • The DNS name must correctly resolve on the Teradata Vantage nodes.
      • If the LdapServerName attribute is configured to explicitly name directory servers, the value in the subject's CN attribute must be used in the configured LDAP or LDAPS URI.