Example: Update Only Invalid Signed Certificates - Advanced SQL Engine

Example: Update Only Invalid Signed Certificates - Advanced SQL Engine - Teradata Database

Security Administration

Product

Advanced SQL Engine

Teradata Database

Release Number

17.10

Published

July 2021

Language

English (United States)

Last Update

2022-02-15

dita:mapPath

ppz1593203596223.ditamap

dita:ditavalPath

wrg1590696035526.ditaval

dita:id

B035-1100

lifecycle

Product Category

Teradata Vantage™

Use the tlsutil -u option to create signed certificates on a subset of database servers. This option is used with the -c option only.

When used with the -c option, update mode checks the signed certificates and private keys on all database servers and creates CSRs only for those that do not have a valid certificate and key.

Update mode used with -c reports that all certificates are valid if none fail the validity test. In that case, no further action is required.

For example, as root, run the following commands to update invalid signed certificates:

Generate CSRs:
```
# tlsutil -c -u mydb.example.com
```
Result: If all certificates are valid, no further action is required.
If some certificates are invalid, sign the certificates using a customer-defined process.
Install the signed certificates and private keys:
```
# tlsutil -i
```