You must create self-signed keys and set up certificates for your SSL environment.
-
Use the ssl_setup_cert_wrapper.sh script to create self-signed keys and certificates in the ActiveMQ directory.
The script is located on the DSC server in the $DSA_DSC_ROOT directory.
Script usage is ssl_setup_cert_wrapper.sh [-h] [-C] [-a activemq_dir], where:
Option Description -h Displays help information. -C Cleans up the configuration files in the specified ActiveMQ directory. -a Specifies the directory where ActiveMQ is installed. -
Type the following at the prompts:
ActiveMQ restarts after certificates are created.Option Description Directory Full path to ActiveMQ directory /opt/teradata/tdactivemq/apache-activemq-5.6.0
Organizational Unit Used to generate a unique key Organization Used to generate a unique key City Used to generate a unique key State Used to generate a unique key Country Used to generate a unique key Keystore Password Keystore password for both broker and client keystores. Certificates are created in: /opt/teradata/tdactivemq/apache-activemq-5.6.0/conf -
Copy files client.pem and client-keystore.pem and preserve file permissions
as follows:
- For all Teradata Database systems and TPA nodes in the DSA environment, type: #cp -p <file_name> /etc/opt/teradata/tdconfig
- For DSA media servers (anywhere ClientHandler is installed), type: #cp -p <file_name> /etc/opt/teradata/dsa/
-
Copy client.ts to the systems where DSC or BARCmdline are installed and preserve file permissions by typing:
#cp -p <file_name> /etc/opt/teradata/dsa
Certificates are valid for 20 years.
-
Enable JMS SSL on the BAR portlets by installing the client.pem certificate on the Viewpoint portlet:
Make sure the client.pem certificate is accessible on your computer.
- From the Teradata Viewpoint portal page, click .
- Open the Certificates portlet.
- From the SETUP list, click Certificate Authority.
- Click Install Certificate.
- Enter an alias for the Certificate Authority, up to 30 characters.
- Click Browse and select the client.pem certificate.
- Click Install.
- Restart the Viewpoint portlet.
- Use the BAR Setup portlet, General category, General System Details tab to change the Broker IP/Host, Broker Port, and Broker Connectivity settings.