16.00 - Creating the Keystore File on an Ecosystem Manager Client - Teradata Ecosystem Manager

Teradata Ecosystem Manager Installation, Configuration, and Upgrade Guide for Customers

Teradata Ecosystem Manager
December 2016
Perform the following tasks on the Ecosystem Manager Client and all clients that need to be configured with SSL. If multiple clients point to the Ecosystem Manager server, add a suffix or prefix <hostname-of-EM-client> to the generated keystore and truststore files on each client.
  1. Create and navigate to a folder named /home/em where you will place the keystore files.
  2. Create a certificate/keystore for both Active and Standby Ecosystem Manager servers: keytool -genkey -alias <hostname-of-EM-client> -keyalg RSA -keystore server.ks
    The system prompts for the following information:
    Enter your keystore password:
    What is your first and last name?
    What is the name of your organizational unit?
    What is the name of your City or Locality?
    What is the name of your State or Province?
    What is the two-letter country code for this unit:
    Is CN-Unknown, OU=Unknown, O=Unknown, ST=Unknown, C=Unknown correct?
    [no]: yes
    Enter key password for <hostname-of-EM-client>
    (RETURN if same as keystore password):
    Make sure that the keystore file is created on all participating EM client systems.
  3. Copy the broker_cert file from the Ecosystem Manager server to the client and then execute the following command on the client: Keytool -import -alias <hostname-of-EM-server> -keystore client.ts -file broker_cert
  4. Answer the same questions and use the same password you saved when you created the broker key file.
    Enter keystore password:
    Re-enter new password:
    Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
    Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
    Serial number: 300263d1
    Valid from: Tue Jun 23 18:18:11 UTC 2015 until: Mon Sep 21 18:18:11 UTC 2015
    Certificate fingerprints:
             MD5:  C1:1C:8C:C0:9B:A5:42:60:A0:A8:CC:CF:62:65:52:0D
             SHA1: 43:79:D8:32:AD:F2:B0:F9:3A:F6:96:FE:8E:F3:BE:13:71:6B:6B:F2
             SHA256: 83:23:00:9F:4B:19:01:1A:1E:21:78:72:9E:2D:E5:C2:C6:04:9C:1C:58:64:2C:A3:C3:C4:CE:CF:0C:07:0D:D2
             Signature algorithm name: SHA256withRSA
             Version: 3
    #1: ObjectId: Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 83 75 6D 0E A2 76 EE 16   84 09 13 40 AF F4 88 8A  .um..v.....@....
    0010: 50 65 D2 03                                        Pe..
    Trust this certificate? [no]:  yes
    Certificate was added to keystore
    This creates a truststore and sets the client trusts the broker.
  5. Export the client certificate using the keytool command: keytool -export -alias <hostname-of_EM-client> -keystore client.ks -file client_cert
    Enter keystore password:
    Certificate stored in file <client_cert>
  6. Copy the client_certificate to the Ecosystem Manager server.
  7. Make sure that the client_certificate file is created.
  8. Give 777 access rights to /home/em and all files within it.