When security policy requires mutual authentication of the database and the directory, you must install certificates and associated keys on each Teradata Vantage node. These certificates are known as client certificates because for LDAP purposes, the database are clients of the directory server. Client certificates must be in PEM format and conform to the requirements of the directory server being used. Coordinate with the directory administrator or the directory vendor to determine detailed certificate requirements.
Store the certificates and keys in separate files. Protect the file containing the private key very carefully. Anyone with this key can assume the identity of the database.
You can store the certificates and keys in the same file, but it is not recommended.