Perform these steps on the EM server.
- Stop EM services as syncuser: /opt/teradata/emserver/bin/emstopall.sh
- Stop the tdactivemq service as a non-syncuser: /etc/init.d/tdactivemq stop
Rename all the default key and trust files located in this folder:
Old Key Name New Key Name broker.ks broker.ks.default broker.ts broker.ts.default client.ks client.ks.default client.ts client.ts.defaultThis is a backup step if you want to restore the default values.
Run the keytool command from /opt/teradata/jvm64/jdk7/jre/bin and complete the system prompts to create a certificate for the broker (change the alias to the broker's host name):
keytool -genkey -alias <host-name-of-EM-Server> -keyalg RSA -keystore broker.ks
The system prompts for the following information:
Enter your keystore password: What is your first and last name? [Unknown]: What is the name of your organizational unit? [Unknown]: What is the name of your City or Locality? [Unknown]: What is the name of your State or Province? [Unknown]: What is the two-letter country code for this unit: [Unknown]: Is CN-Unknown, OU=Unknown, O=Unknown, ST=Unknown, C=Unknown correct? [no]: yes Enter key password for <broker>
Make note of the password for later use. Make sure broker.ks is created.
- Export the broker certificate to share with clients using the following command: keytool -export -alias <host-name-of-EM-Server> -keystore broker.ks -file broker_cert This creates a file called broker_cert. You'll add the broker_cert to the truststore in the next section.