16.00 - Creating the Broker Key File on the Ecosystem Manager Server in Single Mode - Teradata Ecosystem Manager

Teradata Ecosystem Manager Installation, Configuration, and Upgrade Guide for Customers

Teradata Ecosystem Manager
December 2016
Perform these steps on the EM server.
  1. Stop EM services as syncuser: /opt/teradata/emserver/bin/emstopall.sh
  2. Stop the tdactivemq service as a non-syncuser: /etc/init.d/tdactivemq stop
  3. Rename all the default key and trust files located in this folder: /opt/teradata/tdactivemq/apache-activemq-5.13.1/conf
    Old Key Name New Key Name
    broker.ks broker.ks.default
    broker.ts broker.ts.default
    client.ks client.ks.default
    client.ts client.ts.default
    This is a backup step if you want to restore the default values.
  4. Run the keytool command from /opt/teradata/jvm64/jdk7/jre/bin and complete the system prompts to create a certificate for the broker (change the alias to the broker's host name): keytool -genkey -alias <host-name-of-EM-Server> -keyalg RSA -keystore broker.ks
    The system prompts for the following information:
    Enter your keystore password:
    What is your first and last name?
    What is the name of your organizational unit?
    What is the name of your City or Locality?
    What is the name of your State or Province?
    What is the two-letter country code for this unit:
    Is CN-Unknown, OU=Unknown, O=Unknown, ST=Unknown, C=Unknown correct?
    [no]: yes
    Enter key password for <broker>

    Make note of the password for later use. Make sure broker.ks is created.

  5. Export the broker certificate to share with clients using the following command: keytool -export -alias <host-name-of-EM-Server> -keystore broker.ks -file broker_cert This creates a file called broker_cert. You'll add the broker_cert to the truststore in the next section.