You must create self-signed keys and set up certificates for your SSL environment.
Use the ssl_setup_cert_wrapper.sh script to create self-signed keys and certificates in the ActiveMQ directory.
The script is located on the DSC server in the $DSA_DSC_ROOT directory.
Script usage is ssl_setup_cert_wrapper.sh [-h] [-C] [-a activemq_dir], where:
Option Description -h Displays help information. -C Cleans up the configuration files in the specified ActiveMQ directory. -a Specifies the directory where ActiveMQ is installed.
Type the following at the prompts:
ActiveMQ restarts after certificates are created.
Option Description Directory Full path to ActiveMQ directory
Organizational Unit Used to generate a unique key Organization Used to generate a unique key City Used to generate a unique key State Used to generate a unique key Country Used to generate a unique key Keystore Password Keystore password for both broker and client keystores.Certificates are created in: /opt/teradata/tdactivemq/apache-activemq-5.6.0/conf
Copy files client.pem and client-keystore.pem and preserve file permissions
- For all Teradata Database systems and TPA nodes in the DSA environment, type: #cp -p <file_name> /etc/opt/teradata/tdconfig
- For DSA media servers (anywhere ClientHandler is installed), type: #cp -p <file_name> /etc/opt/teradata/dsa/
Copy client.ts to the systems where DSC or BARCmdline are installed and preserve file permissions by typing:
#cp -p <file_name> /etc/opt/teradata/dsa
Certificates are valid for 20 years.
Enable JMS SSL on the BAR portlets by installing the client.pem certificate on the Viewpoint portal:
Make sure the client.pem certificate is accessible on your computer.
- From the Teradata Viewpoint portal, click .
- Open the Certificates portlet.
- From the Setup list, click Certificate Authority.
- Click Install Certificate.
- Enter an alias for the Certificate Authority, up to 30 characters.
- Click Browse and select the client.pem certificate.
- Click Install.
- Restart Viewpoint.
- When you add the DSC using the BAR Setup portlet (see Adding a DSC Server), select SSL as the Broker Connectivity.