Enabling SSL - Setting Up Self-Signed Keys and Certificates

Teradata® DSA - DSE for IBM Spectrum Protect Installation, Configuration, and Upgrade Guide

Data Stream Architecture
Data Stream Extensions
Release Number
March 2021
English (United States)
Last Update
Product Category
Teradata Tools and Utilities
Prerequisite: To prevent connection failure, you must follow the steps in Installing Teradata ActiveMQ and Configuring ActiveMQ for SSL or TCP before setting up the self-signed keys and certificates.
You must create self-signed keys and set up certificates for your SSL environment.
  1. Use the ssl_setup_cert_wrapper.sh script to create self-signed keys and certificates in the ActiveMQ directory.
    The script is located on the DSC server in the $DSA_DSC_ROOT directory.

    Script usage is ssl_setup_cert_wrapper.sh [-h] [-C] [-a activemq_dir], where:

    Option  Description
    -h      Displays help information.
    -C      Cleans up the configuration files in the specified ActiveMQ directory.
    -a      Specifies the directory where ActiveMQ is installed.
  2. Copy files client.pem and client-keystore.pem and preserve file permissions as follows:
    1. Go to: /opt/teradata/tdactivemq/apache-activemq-5.xx.xx/conf
    2. For all Teradata systems and TPA nodes in the DSA environment, type:
      #cp -p <file_name> /etc/opt/teradata/tdconfig
      #chown teradata /etc/opt/teradata/tdconfig/<file_name>
      #chmod 600 /etc/opt/teradata/tdconfig/<file_name>
    3. For DSA media servers (anywhere ClientHandler is installed), type:
      #cp -p <file_name> /etc/opt/teradata/dsa/
      #chown dscuser /etc/opt/teradata/dsa/<file_name>
      #chmod 600 /etc/opt/teradata/dsa/<file_name>
  3. Copy client.ts to the systems where DSC or BARCmdline are installed and preserve file permissions by typing:
    #cp -p <file_name> /etc/opt/teradata/dsa
    Certificates are valid for 20 years.
  4. Enable JMS SSL on the BAR portlets by installing the client.pem certificate on the Viewpoint portal:
    1. From the Teradata Viewpoint portal, click "".
    2. Open the Certificates portlet.
    3. From the Setup list, click Certificate Authority.
    4. Click Install Certificate.
    5. Enter an alias for the Certificate Authority, up to 30 characters.
    6. Click Browse and select the client.pem certificate.
      Important: Copy client.pem from /etc/opt/teradata/dsa.
    7. Click Install.
    8. Restart Viewpoint.
      /etc/init.d/viewpoint restart
  5. When you add the DSC using the BAR Setup portlet (see Enabling or Adding a DSC Server), select SSL as the Broker Connectivity and add the Broker Port.
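
A check for the result of step 2, as an added example that is not part of the Teradata guide: it confirms that client.pem and client-keystore.pem in a target directory are regular files with the expected owner and mode 600. The function names check_key_file and audit_dir are made up for this example, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example: verify owner and mode of the SSL files copied in step 2.
# Assumes GNU stat (Linux). check_key_file and audit_dir are hypothetical names.

# check_key_file PATH OWNER
# Returns 0 only if PATH is a regular file (not a symlink), owned by OWNER, mode 600.
check_key_file() {
    path=$1; want_owner=$2
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "FAIL $path: missing or not a regular file"
        return 1
    fi
    got_mode=$(stat -c '%a' "$path")
    got_owner=$(stat -c '%U' "$path")
    rc=0
    if [ "$got_mode" != "600" ]; then
        echo "FAIL $path: mode $got_mode, expected 600"; rc=1
    fi
    if [ "$got_owner" != "$want_owner" ]; then
        echo "FAIL $path: owner $got_owner, expected $want_owner"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK   $path ($got_owner, $got_mode)"
    return "$rc"
}

# audit_dir DIR OWNER
# Checks both files named in step 2; returns 1 if either one fails.
audit_dir() {
    dir=$1; dir_owner=$2; failed=0
    for f in client.pem client-keystore.pem; do
        check_key_file "$dir/$f" "$dir_owner" || failed=1
    done
    return "$failed"
}

# Usage on a node (directories and owners taken from steps 2.2 and 2.3):
#   audit_dir /etc/opt/teradata/tdconfig teradata
#   audit_dir /etc/opt/teradata/dsa dscuser
```

Because `cp -p` carries over whatever mode the source file had, running the check after the `chown` and `chmod` commands confirms that the final state matches the procedure.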