17.10 - TLS Certificate Stores - Call-Level Interface Version 2

Teradata® Call-Level Interface Version 2 Reference for Workstation-Attached Systems

Product
Call-Level Interface Version 2
Release Number
17.10
Release Date
October 2021
Content Type
Programming Reference
Publication ID
B035-2418-061K
Language
English (United States)

To ensure that the CLI SSLMODE values, verify-ca and verify-full establish a successful connection to a server, the server’s root certificate and any other intermediate certificates must be imported to the operating system’s trusted certificate stores.

Linux/UNIX

For the supported procedure to install CA certificates into the operating system’s trusted certificate stores, refer to the operating system’s administration guide or security guide. To find and load trusted CA certificates, CLI uses the default operating system locations. The default locations used by CLI for each platform is listed below:

Operating System Trusted Certificate Stores Used by CLI
AIX /var/ssl/certs
RHEL, CentOS, Oracle Linux /etc/pki/tls/cert.pem
SLES 11, 12, 15 /etc/ssl/certs
Ubuntu /etc/ssl/certs
Solaris Opteron, Solaris Sparc /etc/ssl/certs
Use the operating system’s documented procedure to install the trusted CA certificates.

Windows

For the supported procedure to install CA certificates into the operating system’s trusted certificate stores, refer to the Windows administration or security guides.

For reference, CLI loads trusted CA certificates from the following stores:

Trusted Root Certification Authorities

Intermediate Certification Authorities

Mac OS X

For the supported procedure to install CA certificates into the operating system’s trusted certificate stores, refer to the Mac OS X administration or security guides.

For reference, CLI loads trusted CA certificates from the System Keychain store.

Custom CA Certificate Store

When a user needs to use a custom trusted certificate store, CLI provides two parameters, namely, SSLCA and SSLCAPATH, to specify the path to the store.