The LdapClientTlsCACert property specifies the name of the file that contains all the certificate authorities (CAs), including the certificate for the CA that signed the directory server certificate that TDGSS and OpenLdap tools trust. If the signing CA is not a top-level (root) CA, certificates for the entire sequence of CAs from the signing CA to the top-level CA must be present. The certificate order is not significant.
You can use this property for certificate chain verification when all CAs are in one file, but LdapClientTlsCACertDir is preferred. See LdapClientTlsCACertDir.
Valid Settings
| Setting | Description |
|---|---|
| "" (default) | No file is specified |
| A file name | The file must contain concatenated CA certificates in PEM format. |
Editing Guidelines
- To set a value, you must manually add this property to the TDGSS configuration file for the needed mechanisms. See Editing Configuration Files.
Configure this property or LdapClientTlsCACertDir (preferred) when using TLS. See Verifying the Directory Server Certificate Chain.
If you decide to use TLS protection, edit this property for all mechanisms that have the AuthorizationSupported property set to yes.
Set the value on each node.
The Linux user under which Teradata Vantage runs must own and have read access to this file. For sites that configured this property before Release 14.0, the permission is granted automatically by a script upon upgrade to Release 14.0. For sites that configure this property on Release 14.0 or later, you must grant the permission manually.