Client Certificates all Signed by the Same CA - Aster Client
Teradata Aster® Client Guide
- Product
- Aster Client
- Release Number
- 7.00
- Published
- May 2017
- Language
- English (United States)
- Last Update
- 2018-04-13
- dita:mapPath
- hki1475000360386.ditamap
- dita:ditavalPath
- Generic_no_ie_no_tempfilter.ditaval
- dita:id
- B700-2005
- lifecycle
- previous
- Product Category
- Software
-
Get the root certificate of the CA (certificate authority) that signed your client's certificate. Save the root certificate on the queen. For this example, we will save it as /home/beehive/certs/client.pem on the queen.
-
Make the following settings on the queen. You can use http://<queen-ip-address>:2407/std/configflags. You also need to configure the same settings on all the loader nodes if you want to enable SSL on Aster Loader and Exporter tools.
-
disallowPeerWithoutCertificates=true
-
trustedCAFileName=/home/beehive/certs/client.pem
-
sslCertificatePath=/home/beehive/certs/server.cert
-
sslPrivateKeyPath=/home/beehive/certs/server.key
-
sslFileType=1(A value of "1" means SSL_FILETYPE_PEM. A value of “2” means SSL_FILETYPE_ASN1.)
- There is no need to set the trustedCAPath parameter if you use a single root certificate for all clients.
- Ensure that secureWrites is set to false.
- Ensure that secureMuleServer is set to true.