After you store a certificate in site/ssl/certs/clientcert.pem and a paired key in site/ssl/certs/clientkey.pem for each LDAP client (on each database node or on each Unity server), update the TDGSS configuration to include values for the LdapClientTlsCert and LdapClientTlsKey properties. See Configuring TDGSS to Use Advanced Binding Options.
The Linux user under which Teradata Database runs (teradata) must have read access to the directory specified in the LdapClientTlsCert and LdapClientTlsKey properties. For sites that configured this property before Release 14.0, the permission is granted automatically by a script upon upgrade to Release 14.0. For sites that configure these properties on Release 14.10 or later, you must grant the permission manually. See Working with OS-Level Security Options.