When security policy requires mutual authentication of the database, the Unity server, and the directory, you must install certificates and associated keys on each Teradata Database node and on the Unity server. These certificates are known as client certificates because for LDAP purposes, the database and Unity server are clients of the directory server. Client certificates must be in PEM format and conform to the requirements of the directory server being used. Coordinate with the directory administrator or the directory vendor to determine detailed certificate requirements.
Store the certificates and keys in separate files. Protect the file containing the private key very carefully. Anyone with this key can assume the identity of the database