ActiveMQ includes key and trust stores that reference a dummy self-signed cert. These cert files are located in the conf directory (/opt/teradata/tdactivemq/apache-activemq-5.13.1/conf):
- broker.ks (broker's key)
- broker.ts (broker's truststore)
- client.ks (client's key)
- client.ts (client's truststore)
The broker's trust store must include a copy of each client certificate that is allowed to connect to the broker. The client's trust store must contain the broker certificate for each broker to which any client may connect.
Before configuration, stop the empublisher on all clients with the command: /etc/init.d/empublisher stop
For all the Ecosystem Manager client systems that you are configuring with SSL, stop EM services on each client system. Run the command: /opt/teradata/client/em/bin/emstopall.sh
Follow these steps for SSL configuration on single server mode.