Execute the following procedure on each Teradata Vantage node and on the Unity server, if used.
- Obtain a certificate and key in pem format, according to your site security policy.
- Create a directory called site/ssl/cacerts in the:
- TDGSS site directory on database nodes.
- From within the new directory you created in step 1, create an empty file named clientkey.pem, using the following commands:
Enter: touch clientkey.pem
Then enter: chmod 0600 clientkey.pem
- Place the key in this file using an editor or the Posix cat command.
- Secure the clientkey.pem file to be read-write for the file owner.
The resulting clientkey.pem file looks similar to:
-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQDRBPoI/fdAoezFRaqN63IdYW1Laucs+akMr+0qP47kKu/SkyUh d6u1EfLryzBIEubTD//GJXLDBCS4DbCx7xDzSVCUFQmR+X16241kKsyqO6wvd+9J pCWk6ktksV0gK437HG4YKo4q4BHIjl3VSRZxDqv2GU8IYfFesqWAdFhEhwIDAQAB AoGAIw0AmO1tvwroV5R9K1tmQYMK/vCoX6RmMth1nvYVkjGZEejW+yvEQZMG93+V UyDIUHCIZcP14LobJjo1fUEnyDag37P7FE9JDXr7I3QRNA0keR+w0egNpMcQMiDE Bgj7UCycCxuzOFX1UuvcnCMJH7QfBLb3p01BgK6W2ENfxLECQQD5PMSfs+ogS7Bb fcHlthBJA3576PyBeBURrcz/O3lmUTKz0vAzXBPWTxNCV/tLn1HUvEYuiZ2pyun3 0zjcr2UFAkEA1rDZpCMZ4woUkvYX+BwkffG8HXnZNGROd4zu1tbQEgeBjOSVx299 s/FSxEgtMRSGv6vPwDMCQFyy+teDJ7Im8isJTDNbF19HTv+qzYdRDmRPUEZqPB4W 7FMz/PlpoOmeGj1gTID5Hfjw7kPvHfi5GwJBAO83aik2j8LLostNmqsV4e+SUPYx GxpQ3TgIrrdSqCSSTq3WCgHhoJCTeRK2S1W75tjelCXao97yCTp6GxuFpNkCQDLv wKNlxJWOZbU8eBFgs/PBr80ahMMebVOF94C3dKRibYU9EqA/vpOcZgBGOJ557w3w 66sz2d5P4q71EBDcWE05DsFE9fqwAR5xcoWqGPYiuh0= -----END RSA PRIVATE KEY-----
- OpenSSL does not accept a key in a globally readable file. Use the following commands to prevent unauthorized persons from obtaining the key.
- Enter chmod 0400 clientkey.pem
- Enter chown gtw-or-unity-user clientkey.pem
- Substitute the user name of the Vantage gateway or Unity user for gtw-or-unity-user.