Enable SSL - Set Up Self-Signed Keys / Certificates | Teradata DSA | DSE | DSU - 17.00 - Enabling SSL - Setting Up Self-Signed Keys and Certificates - BAR - Data Stream Architecture - Data Stream Utility

Teradata® DSA - DSU Installation, Configuration, and Upgrade Guide

Product
BAR
Data Stream Architecture
Data Stream Utility
Release Number
17.00
Release Date
August 2020
Content Type
Configuration
Installation
Publication ID
B035-3153-129K
Language
English (United States)
PrerequisiteTo prevent connection failure, you must follow the steps in Installing Teradata ActiveMQ and Configuring ActiveMQ for SSL or TCP before setting up the self-signed keys and certificates.
You must create self-signed keys and set up certificates for your SSL environment.
  1. Use the ssl_setup_cert_wrapper.sh script to create self-signed keys and certificates in the ActiveMQ directory.
    The script is located on the DSC server in the $DSA_DSC_ROOT directory.

    Script usage is ssl_setup_cert_wrapper.sh [-h] [-C] [-a activemq_dir], where:

    Option Description
    -h Displays help information.
    -C Cleans up the configuration files in the specified ActiveMQ directory.
    -a Specifies the directory where ActiveMQ is installed.
  2. Copy files client.pem and client-keystore.pem and preserve file permissions as follows:
    1. Go to: /opt/teradata/tdactivemq/apache-activemq-5.xx.xx/conf
    2. For all Teradata systems and TPA nodes in the DSA environment, type:
      #cp -p <file_name> /etc/opt/teradata/tdconfig
      #chown teradata /etc/opt/teradata/tdconfig/<file_name>
      #chmod 600 /etc/opt/teradata/tdconfig/<file_name>
    3. For DSA media servers (anywhere ClientHandler is installed), type:
      #cp -p <file_name> /etc/opt/teradata/dsa/
      #chown dscuser /etc/opt/teradata/dsa/<file_name>
      #chmod 600 /etc/opt/teradata/dsa/<file_name>
  3. Copy client.ts to the systems where DSC or BARCmdline are installed and preserve file permissions by typing:
    #cp -p <file_name> /etc/opt/teradata/dsa
    Certificates are valid for 20 years.
  4. Enable JMS SSL on the BAR portlets by installing the client.pem certificate on the Viewpoint portal:
    1. From the Teradata Viewpoint portal, click "".
    2. Open the Certificates portlet.
    3. From the Setup list, click Certificate Authority.
    4. Click Install Certificate.
    5. Enter an alias for the Certificate Authority, up to 30 characters.
    6. Click Browse and select the client.pem certificate.
      Important: Copy client.pem from /etc/opt/teradata/dsa.
    7. Click Install.
    8. Restart Viewpoint.
      /etc/init.d/viewpoint restart
  5. When you add the DSC using the BAR Setup portlet (see Enabling or Adding a DSC Server), select SSL as the Broker Connectivity and add the Broker Port.