17.10 - Example: Update Only Invalid Signed Certificates - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:mapPath
ppz1593203596223.ditamap
dita:ditavalPath
wrg1590696035526.ditaval
dita:id
zuy1472246340572

Use the tlsutil -u option to create signed certificates on a subset of database servers. This option is used with the -c option only.

When used with the -c option, update mode checks the signed certificates and private keys on all database servers and creates CSRs only for those that do not have a valid certificate and key.

Update mode used with -c reports that all certificates are valid if none fail the validity test. In that case, no further action is required.

For example, as root, run the following commands to update invalid signed certificates:

  1. Generate CSRs:
    # tlsutil -c -u mydb.example.com

    Result: If all certificates are valid, no further action is required.

  2. If some certificates are invalid, sign the certificates using a customer-defined process.
  3. Install the signed certificates and private keys:
    # tlsutil -i