16.10 - Setting Up Self-Signed Keys and Certificates - Data Stream Extensions

Data Stream Extensions Installation, Configuration, and Upgrade Guide for Customers

prodname
Data Stream Architecture
Data Stream Extensions
vrm_release
16.10
created_date
August 2017
category
Configuration
Installation
featnum
B035-3151-087K
You must create self-signed keys and set up certificates for your SSL environment.
  1. Use the ssl_setup_cert_wrapper.sh script to create self-signed keys and certificates in the ActiveMQ directory. The script is located on the DSC server in the $DSA_DSC_ROOT directory.

    Script usage is ssl_setup_cert_wrapper.sh [-h] [-C] [-a activemq_dir], where:

    Option Description
    -h Displays help information.
    -C Cleans up the configuration files in the specified ActiveMQ directory.
    -a Specifies the directory where ActiveMQ is installed.
  2. Type the following at the prompts:
    Option Description
    Directory Full path to ActiveMQ directory

    /opt/teradata/tdactivemq/apache-activemq-5.6.0

    Organizational Unit Used to generate a unique key
    Organization Used to generate a unique key
    City Used to generate a unique key
    State Used to generate a unique key
    Country Used to generate a unique key
    Keystore Password Keystore password for both broker and client keystores.
    ActiveMQ restarts after certificates are created.
    Certificates are created in: /opt/teradata/tdactivemq/apache-activemq-5.6.0/conf
  3. Copy files client.pem and client-keystore.pem and preserve file permissions as follows:
    1. For all Teradata Database systems and TPA nodes in the DSA environment, type: #cp -p <file_name> /etc/opt/teradata/tdconfig
    2. For DSA media servers (anywhere ClientHandler is installed), type: #cp -p <file_name> /etc/opt/teradata/dsa/
  4. Copy client.ts to the systems where DSC or BARCmdline are installed and preserve file permissions by typing: #cp -p <file_name> /etc/opt/teradata/dsa
    Certificates are valid for 20 years.
  5. Enable JMS SSL on the BAR portlets by installing the client.pem certificate on the Viewpoint portal:
    Make sure the client.pem certificate is accessible on your computer.
    1. From the Teradata Viewpoint portal, click .
    2. Open the Certificates portlet.
    3. From the Setup list, click Certificate Authority.
    4. Click Install Certificate.
    5. Enter an alias for the Certificate Authority, up to 30 characters.
    6. Click Browse and select the client.pem certificate.
    7. Click Install.
    8. Restart Viewpoint.
  6. When you add the DSC using the BAR Setup portlet (see Adding a DSC Server), select SSL as the Broker Connectivity.