16.00 - Creating the Broker Key File on the Ecosystem Manager Server in Dual Mode - Teradata Ecosystem Manager

Teradata Ecosystem Manager Installation, Configuration, and Upgrade Guide for Customers

Teradata Ecosystem Manager
December 2016
Perform the following steps on both Ecosystem Manager servers.
  1. Stop EM services as syncuser: /opt/teradata/emserver/bin/emstopall.sh
  2. Stop the tdactivemq service as a non-syncuser: /etc/init.d/tdactivemq stop
  3. Rename all the default key and trust files located in this folder: /opt/teradata/tdactivemq/apache-activemq-5.13.1/conf
    Old Key Name New Key Name
    broker.ks broker.ks.default
    broker.ts broker.ts.default
    client.ks client.ks.default
    client.ts client.ts.default
    This is a backup step if you want to restore the default values.
  4. Run the keytool command from /opt/teradata/jvm64/jdk7/jre/bin and complete the system prompts to create a certificate for the broker (change the alias to the broker's host name): keytool -genkey -alias <host-name-of-EM-Server> -keyalg RSA -keystore broker.ks
    The system prompts for the following information:
    Enter your keystore password:
    What is your first and last name?
    What is the name of your organizational unit?
    What is the name of your City or Locality?
    What is the name of your State or Province?
    What is the two-letter country code for this unit:
    Is CN-Unknown, OU=Unknown, O=Unknown, ST=Unknown, C=Unknown correct?
    [no]: yes
    Enter key password for <broker>

    Make note of the password for later use. Make sure broker.ks is created.

  5. Export the broker certificate to share with clients: You must assign different names to each broker certificate file on each server (for example, Broker_cert1 and Brokercert2). Replace <host-name-of-EM-Server1> with the Active EM server and <host-name-of-EM-Server2> with the Standby EM server.
    1. On the Active EM server, run keytool -export -alias <host-name-of-Active-EM-Server> -keystore broker.ks -file broker_cert1
    2. On the Standby EM server, run keytool -export -alias <host-name-of-Standby-EM-Server> -keystore broker.ks -file broker_cert2
    Make sure that broker certificate files are created on Active and Standby EM servers. You'll add both broker_cert1 and brokercert2 files to the truststore on each client in the next section.