16.00 - Creating the Broker Key File on the Ecosystem Manager Server in Single Mode - Teradata Ecosystem Manager

Teradata Ecosystem Manager Installation, Configuration, and Upgrade Guide for Customers

prodname
Teradata Ecosystem Manager
vrm_release
16.00
created_date
December 2016
category
Configuration
Installation
featnum
B035-3203-116K
Perform these steps on the EM server.
  1. Stop EM services as syncuser: /opt/teradata/emserver/bin/emstopall.sh
  2. Stop the tdactivemq service as a non-syncuser: /etc/init.d/tdactivemq stop
  3. Rename all the default key and trust files located in this folder: /opt/teradata/tdactivemq/apache-activemq-5.13.1/conf
    Old Key Name New Key Name
    broker.ks broker.ks.default
    broker.ts broker.ts.default
    client.ks client.ks.default
    client.ts client.ts.default
    This is a backup step if you want to restore the default values.
  4. Run the keytool command from /opt/teradata/jvm64/jdk7/jre/bin and complete the system prompts to create a certificate for the broker (change the alias to the broker's host name): keytool -genkey -alias <host-name-of-EM-Server> -keyalg RSA -keystore broker.ks
    The system prompts for the following information:
    Enter your keystore password:
    What is your first and last name?
    [Unknown]:
    What is the name of your organizational unit?
    [Unknown]:
    What is the name of your City or Locality?
    [Unknown]:
    What is the name of your State or Province?
    [Unknown]:
    What is the two-letter country code for this unit:
    [Unknown]:
    Is CN-Unknown, OU=Unknown, O=Unknown, ST=Unknown, C=Unknown correct?
    [no]: yes
    Enter key password for <broker>

    Make note of the password for later use. Make sure broker.ks is created.

  5. Export the broker certificate to share with clients using the following command: keytool -export -alias <host-name-of-EM-Server> -keystore broker.ks -file broker_cert This creates a file called broker_cert. You'll add the broker_cert to the truststore in the next section.