Obtain the Needed Certificate - Advanced SQL Engine

Obtain the Needed Certificate - Advanced SQL Engine - Teradata Database

Security Administration

Product

Advanced SQL Engine

Teradata Database

Release Number

17.10

Published

July 2021

Language

English (United States)

Last Update

2022-02-15

dita:mapPath

ppz1593203596223.ditamap

dita:ditavalPath

wrg1590696035526.ditaval

dita:id

B035-1100

lifecycle

Product Category

Teradata Vantage™

Typically, a certificate can be acquired from the site security administrator. For systems running Linux, with openssl installed, some or all of these certificates can be found in the /etc/site/ssl/certs directory. Do the following to obtain a certificate.

Go to the directory where certificates are stored, for example: /etc/site/ssl/certs.

List the files. The files look similar to:

dlopldap:~ # cd /etc/ssl/certs
dlopldap:/etc/ssl/certs # ls
1e49180d.0  7a9820c1.0         a3c60019.0  demo        thawteCb.pem
2edf7016.0  843b6c51.0         aad3d04d.0  eng1.pem    thawteCp.pem
56e607f4.0  878cf4c6.0         argena.pem  eng2.pem    vsign1.pem
594f1775.0  Equifax-root1.pem  argeng.pem  eng3.pem    vsign3.pem
6adf0799.0  ICP-Brasil.pem     c33a80d4.0  eng4.pem    vsignss.pem
6f5d9899.0  RegTP-5R.pem       cdd7aee7.0  eng5.pem    webgo.pem
714aceac.0  RegTP-6R.pem       d4e39186.0  expired
7651b327.0  YaST-CA.pem        ddc328ff.0  f73e89fd.0
dlopldap:/etc/ssl/certs # openssl x509 -inform pem -in vsign3.pem –subject
subject=  /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority-----BEGIN CERTIFICATE----
MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
-----END CERTIFICATE-----
dlopldap:/etc/ssl/certs #

The files that end in a non-numeric suffix are certificate files. On this system, all certificates are stored in PEM format.

Use the openssl x509 command, with a -subject option, to examine the subject of each certificate. Run the openssl x509 -subject common to each of the .pem files until it finds a file containing a certificate with a subject that matches the missing certificate.
The subject shown in bold text in the example (subject= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority) matches the subject of the missing certificate identified in the search shown in Using openssl to Identify the Certificates Not Verified.