Scenario 3: Client CA-signed Certificate Must Match the Queen Certificate - Aster Client

Teradata Aster® Client Guide

Product
Aster Client
Release Number
7.00
Published
May 2017
Language
English (United States)
Last Update
2018-04-13
dita:mapPath
hki1475000360386.ditamap
dita:ditavalPath
Generic_no_ie_no_tempfilter.ditaval
dita:id
B700-2005
lifecycle
previous
Product Category
Software

This scenario presents a stricter regime, where the queen only accepts connections from clients that provide a CA-signed certificate, for which a copy already exists on the queen at the time of connection. In other words, clients cannot connect using a self-signed certificate, nor can they connect using a copy of the queen's public key. The identical signed certificate must exist on the queen as well. Setting the server flag disallowPeerWithoutCertificates = true is what forces the client to provide a certificate in order to connect.