Toggle SSL or TCP after Installation | Teradata DSA | DSE | DSU - 17.05 - Toggling SSL or TCP after Installation - BAR - Data Stream Architecture - Data Stream Extensions

Teradata® DSA - DSE for IBM Spectrum Protect Installation, Configuration, and Upgrade Guide

prodname
BAR
Data Stream Architecture
Data Stream Extensions
vrm_release
17.05
created_date
September 2020
category
Configuration
Installation
featnum
B035-3155-090K
If you have SSL set up and you want to switch to TCP, you can use these steps with the toggle script. You also must remove and re-add the DSC Server in the BAR Setup portlet.

If you want to switch from TCP to SSL, you need to follow the steps in Enabling SSL - Setting Up Self-Signed Keys and Certificates in your installation guide. See Teradata® DSA - DSU Installation, Configuration, and Upgrade Guide, Teradata® DSA - DSE for Veritas NetBackup Installation, Configuration, and Upgrade Guide, or Teradata® DSA - DSE for IBM Spectrum Protect Installation, Configuration, and Upgrade Guide.

  1. Remove the DSC Server using the BAR Setup portlet.
  2. To toggle SSL for each client component (DSC, DSARest, BARCmdline, and ClientHandler), run the toggle script on each client.
    ./ssl_jms_toggle.sh is located in each client's installed directory:
    • $DSA_DSC_ROOT
    • $BARCMDLINE_ROOT
    • $CLIENTHANDLER_ROOT
    Syntax: ssl_jms_toggle.sh [ DSC | DSARest | BARCmdline | ClientHandler ] [ tcp | ssl ] [ 61616 | 61617 ]
    For example: ssl_jms_toggle.sh DSC ssl 61617
    For ClientHandler the following is true:
    • The script prompts you for the SSL keystore password. This is the client's keystore password.
      Important: If DSARest web service is https, the SSL keystore password must match the DSARest web service keystore password.

      If you want to switch from TCP to SSL, you need to follow the steps in Enabling SSL - Setting Up Self-Signed Keys and Certificates in your installation guide. See Teradata® DSA - DSU Installation, Configuration, and Upgrade Guide, Teradata® DSA - DSE for Veritas NetBackup Installation, Configuration, and Upgrade Guide, or Teradata® DSA - DSE for IBM Spectrum Protect Installation, Configuration, and Upgrade Guide.

    • If clienthandler.properties contains multiple brokers, the script asks if you want to use the same port number for all brokers.
      • y - All port numbers are changed to the number listed in the command
      • n - Port numbers are left as is. To change any broker port numbers, you must change them in broker.list in clienthandler.properties.
  3. Add the DSC server using the BAR Setup portlet (see Enabling or Adding a DSC Server), select SSL or TCP as the Broker Connectivity and Broker Port.
  4. From the BAR Setup portlet, select your DSC Server, and click Systems and Nodes under Categories.
  5. Select the system name under Systems, then System Details under Setup.
  6. To enable SSL, under SSL Communication:
    1. Check the Enable SSL over JMS Communication box.
    2. Enter the keystore password in the Truststore Password box.
    3. Click Apply, then follow on-screen instructions.
  7. To configure TCP, under SSL Communication:
    1. Clear the Enable SSL over JMS Communication box.
    2. Remove the keystore password from the Truststore Password box.
    3. Click Apply, then follow on-screen instructions.
  8. Restart the DSMain process on DSC server for the repository database cnsterm 6:
    1. Stop bardsmain:
      cnsterm 6
      start bardsmain -s
    2. Start bardsmain:
      cnsterm 6
      start bardsmain