16.00 - Creating the Broker Key File on the Ecosystem Manager Server in Dual Mode - Teradata Ecosystem Manager

Teradata Ecosystem Manager Installation, Configuration, and Upgrade Guide for Customers

prodname: Teradata Ecosystem Manager
vrm_release: 16.00
created_date: December 2016
category: Configuration, Installation
featnum: B035-3203-116K

Perform the following steps on both Ecosystem Manager servers.
  1. Stop EM services as syncuser: /opt/teradata/emserver/bin/emstopall.sh
  2. Stop the tdactivemq service as a non-syncuser: /etc/init.d/tdactivemq stop
  3. Rename all the default key and trust files located in this folder: /opt/teradata/tdactivemq/apache-activemq-5.13.1/conf
    Old Key Name    New Key Name
    broker.ks       broker.ks.default
    broker.ts       broker.ts.default
    client.ks       client.ks.default
    client.ts       client.ts.default
    This step keeps a backup in case you want to restore the default values.
  4. Run the keytool command from /opt/teradata/jvm64/jdk7/jre/bin and complete the system prompts to create a certificate for the broker (change the alias to the broker's host name): keytool -genkey -alias <host-name-of-EM-Server> -keyalg RSA -keystore broker.ks
    The system prompts for the following information:
    Enter your keystore password:
    What is your first and last name?
    [Unknown]:
    What is the name of your organizational unit?
    [Unknown]:
    What is the name of your City or Locality?
    [Unknown]:
    What is the name of your State or Province?
    [Unknown]:
    What is the two-letter country code for this unit:
    [Unknown]:
    Is CN=Unknown, OU=Unknown, O=Unknown, ST=Unknown, C=Unknown correct?
    [no]: yes
    Enter key password for <broker>

    Make note of the password for later use. Make sure broker.ks is created.

  5. Export the broker certificate to share with clients. You must assign a different name to the broker certificate file on each server (for example, broker_cert1 and broker_cert2). In the commands below, replace <host-name-of-Active-EM-Server> with the host name of the Active EM server and <host-name-of-Standby-EM-Server> with the host name of the Standby EM server.
    1. On the Active EM server, run keytool -export -alias <host-name-of-Active-EM-Server> -keystore broker.ks -file broker_cert1
    2. On the Standby EM server, run keytool -export -alias <host-name-of-Standby-EM-Server> -keystore broker.ks -file broker_cert2
    Make sure that the broker certificate files are created on the Active and Standby EM servers. You'll add both the broker_cert1 and broker_cert2 files to the truststore on each client in the next section.
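
A post-run check for steps 3 to 5, as an added example that is not part of the Teradata guide: it confirms the four .default backups, a new broker.ks that differs from the backed-up default, and the exported certificate file. The script name, the three arguments, and the permission check on the keystore (no group or other bits, GNU stat assumed) are assumptions added here.

```shell
#!/bin/sh
# Added example, not Teradata tooling. Checks the result of steps 3-5.
# Usage: sh check_broker_keys.sh CONF_DIR KEYSTORE CERT_FILE
# (script name and argument order are assumptions made for this example)

# True when the file exists and is not empty.
present() { [ -s "$1" ]; }

# True when the file has no group/other permission bits (GNU stat assumed).
private_mode() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

check_broker_keys() {
    conf=$1 ks=$2 cert=$3 fail=0
    # Step 3: each default store must have been kept as <name>.default.
    for f in broker.ks broker.ts client.ks client.ts; do
        present "$conf/$f.default" || { echo "FAIL: no backup $conf/$f.default"; fail=1; }
    done
    # Step 4: a new keystore exists and is not the default one copied back.
    if ! present "$ks"; then
        echo "FAIL: keystore $ks missing or empty"; fail=1
    else
        if cmp -s "$ks" "$conf/broker.ks.default"; then
            echo "FAIL: $ks is identical to broker.ks.default"; fail=1
        fi
        # Added hardening check (not in the guide): the keystore holds the private key.
        private_mode "$ks" || { echo "FAIL: $ks has group/other permission bits"; fail=1; }
    fi
    # Step 5: the exported certificate file exists.
    present "$cert" || { echo "FAIL: exported certificate $cert missing or empty"; fail=1; }
    [ "$fail" -eq 0 ] && echo "OK: backups, keystore and exported certificate in place"
    return "$fail"
}

# Run only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    check_broker_keys "$@"
fi
```

Run it on each EM server with that server's certificate file name (broker_cert1 on the Active server, broker_cert2 on the Standby server).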