Perform the following steps on both Ecosystem Manager servers.
- Stop EM services as syncuser: /opt/teradata/emserver/bin/emstopall.sh
- Stop the tdactivemq service as a non-syncuser: /etc/init.d/tdactivemq stop
-
Rename all the default key and trust files located in this folder:
/opt/teradata/tdactivemq/apache-activemq-5.13.1/conf
Old Key Name New Key Name broker.ks broker.ks.default broker.ts broker.ts.default client.ks client.ks.default client.ts client.ts.default This is a backup step if you want to restore the default values. -
Run the keytool command from /opt/teradata/jvm64/jdk7/jre/bin and complete the system prompts to create a certificate for the broker (change the alias to the broker's host name):
keytool -genkey -alias <host-name-of-EM-Server> -keyalg RSA -keystore broker.ks
The system prompts for the following information:
Enter your keystore password: What is your first and last name? [Unknown]: What is the name of your organizational unit? [Unknown]: What is the name of your City or Locality? [Unknown]: What is the name of your State or Province? [Unknown]: What is the two-letter country code for this unit: [Unknown]: Is CN-Unknown, OU=Unknown, O=Unknown, ST=Unknown, C=Unknown correct? [no]: yes Enter key password for <broker>
Make note of the password for later use. Make sure broker.ks is created.
-
Export the broker certificate to share with clients:
You must assign different names to each broker certificate file on each server (for example, Broker_cert1 and Brokercert2). Replace <host-name-of-EM-Server1> with the Active EM server and <host-name-of-EM-Server2> with the Standby EM server.
- On the Active EM server, run keytool -export -alias <host-name-of-Active-EM-Server> -keystore broker.ks -file broker_cert1
- On the Standby EM server, run keytool -export -alias <host-name-of-Standby-EM-Server> -keystore broker.ks -file broker_cert2