Client Certificates all Signed by the Same CA - Aster Client

Teradata Aster® Client Guide

Product
Aster Client
Release Number
7.00
Published
May 2017
Language
English (United States)
Last Update
2018-04-13
dita:mapPath
hki1475000360386.ditamap
dita:ditavalPath
Generic_no_ie_no_tempfilter.ditaval
dita:id
B700-2005
lifecycle
previous
Product Category
Software
  1. Get the root certificate of the CA (certificate authority) that signed your client's certificate. Save the root certificate on the queen. For this example, we will save it as /home/beehive/certs/client.pem on the queen.
  2. Make the following settings on the queen. You can use http://<queen-ip-address>:2407/std/configflags. You also need to configure the same settings on all the loader nodes if you want to enable SSL on Aster Loader and Exporter tools.
    • disallowPeerWithoutCertificates=true
    • trustedCAFileName=/home/beehive/certs/client.pem
    • sslCertificatePath=/home/beehive/certs/server.cert
    • sslPrivateKeyPath=/home/beehive/certs/server.key
    • sslFileType=1(A value of "1" means SSL_FILETYPE_PEM. A value of “2” means SSL_FILETYPE_ASN1.)
    • There is no need to set the trustedCAPath parameter if you use a single root certificate for all clients.
    • Ensure that secureWrites is set to false.
    • Ensure that secureMuleServer is set to true.