Creating the Keystore File on an Ecosystem Manager Client - Teradata Ecosystem Manager

Teradata Ecosystem Manager Installation, Configuration, and Upgrade Guide for Customers

Product
Teradata Ecosystem Manager
Release Number
15.11
Published
May 2016
Language
English (United States)
Last Update
2018-05-03
dita:id
B035-3203
lifecycle
previous
Product Category
Analytical Ecosystem
Perform the following tasks on the Ecosystem Manager Client and all clients that need to be configured with SSL. If multiple clients point to the Ecosystem Manager server, add a suffix or prefix <hostname-of-EM-client> to the generated keystore and truststore files on each client.
  1. Create and navigate to a folder named /home/em where you will place the keystore files.
  2. Create a certificate/keystore for both Active and Standby Ecosystem Manager servers:
    keytool -genkey -alias <hostname-of-EM-client> -keyalg RSA -keystore server.ks
    The system prompts for the following information:
    Enter your keystore password:
    What is your first and last name?
    [Unknown]:
    What is the name of your organizational unit?
    [Unknown]:
    What is the name of your City or Locality?
    [Unknown]:
    What is the name of your State or Province?
    [Unknown]:
    What is the two-letter country code for this unit:
    [Unknown]:
    Is CN=Unknown, OU=Unknown, O=Unknown, ST=Unknown, C=Unknown correct?
    [no]: yes
    Enter key password for <hostname-of-EM-client>
    (RETURN if same as keystore password):
    Make sure that the keystore file is created on all participating EM client systems.
  3. Copy the broker_cert1 and broker_cert2 files from the Ecosystem Manager servers to the client and then execute the following command on the client:
    keytool -import -alias <hostname-of-EM-server1 or 2> -keystore client.ts -file broker_cert

    Replace <hostname-of-EM-server1> with the hostname of the Active EM server, and <hostname-of-EM-server2> with the hostname of the Standby EM server.

  4. Use the same password that was used to create the broker key file.
    Enter keystore password:
    Re-enter new password:
    Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
    Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
    Serial number: 300263d1
    Valid from: Tue Jun 23 18:18:11 UTC 2015 until: Mon Sep 21 18:18:11 UTC 2015
    Certificate fingerprints:
             MD5:  C1:1C:8C:C0:9B:A5:42:60:A0:A8:CC:CF:62:65:52:0D
             SHA1: 43:79:D8:32:AD:F2:B0:F9:3A:F6:96:FE:8E:F3:BE:13:71:6B:6B:F2
             SHA256: 83:23:00:9F:4B:19:01:1A:1E:21:78:72:9E:2D:E5:C2:C6:04:9C:1C:58:64:2C:A3:C3:C4:CE:CF:0C:07:0D:D2
             Signature algorithm name: SHA256withRSA
             Version: 3
    
    Extensions:
    
    #1: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 83 75 6D 0E A2 76 EE 16   84 09 13 40 AF F4 88 8A  .um..v.....@....
    0010: 50 65 D2 03                                        Pe..
    ]
    ]
    
    Trust this certificate? [no]:  yes
    Certificate was added to keystore
    
    This creates a truststore and configures the client to trust the broker.
  5. For both Ecosystem Manager servers, export the client's certificate so it can be shared with the broker:
    keytool -export -alias <hostname-of-EM-client> -keystore client.ks -file client_cert
    Enter keystore password:
    Certificate stored in file <client_cert>
    
    Make sure the client_cert file is created.
  6. Copy the client_cert file to the Ecosystem Manager servers.
  7. Give 777 access rights to /home/em and all files within it.
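
The check below is an added example, not part of the Teradata guide. Before answering yes to the "Trust this certificate?" prompt in step 4, it compares the SHA-256 fingerprint that keytool prints for a copied broker certificate with the value obtained from the server side over a separate channel. The function names are hypothetical, and the sample printout is an excerpt of the one shown in step 4.

```shell
#!/usr/bin/env bash
# Added example, not from the Teradata guide; function names are hypothetical.

# Print the SHA-256 fingerprint found in `keytool -printcert` output on stdin,
# normalized to uppercase hex without colons or spaces.
cert_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1 |
        tr -d ': \r' | tr 'a-f' 'A-F'
}

# Succeed only if the certificate printout on stdin carries the expected
# fingerprint ($1), as obtained from the server side over a separate channel.
fingerprint_matches() {
    local expected actual
    expected=$(printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F')
    actual=$(cert_sha256)
    # An empty result (no SHA256 line in the input) never counts as a match.
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Sample input: excerpt of the certificate printout shown in step 4.
sample_printcert() {
    cat <<'EOF'
Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Serial number: 300263d1
Certificate fingerprints:
         MD5:  C1:1C:8C:C0:9B:A5:42:60:A0:A8:CC:CF:62:65:52:0D
         SHA1: 43:79:D8:32:AD:F2:B0:F9:3A:F6:96:FE:8E:F3:BE:13:71:6B:6B:F2
         SHA256: 83:23:00:9F:4B:19:01:1A:1E:21:78:72:9E:2D:E5:C2:C6:04:9C:1C:58:64:2C:A3:C3:C4:CE:CF:0C:07:0D:D2
         Signature algorithm name: SHA256withRSA
EOF
}

# Expected value as it would be read out on the server (here the same
# fingerprint, typed in lowercase to show that case and colons do not matter).
EXPECTED='83:23:00:9f:4b:19:01:1a:1e:21:78:72:9e:2d:e5:c2:c6:04:9c:1c:58:64:2c:a3:c3:c4:ce:cf:0c:07:0d:d2'

if sample_printcert | fingerprint_matches "$EXPECTED"; then
    echo "fingerprint matches: certificate can be imported into client.ts"
else
    echo "fingerprint MISMATCH: do not import this certificate" >&2
fi

# Real use on the client, before the import in step 3:
#   keytool -printcert -file broker_cert1 | fingerprint_matches "$EXPECTED"
```
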