16.10 - Installing the Private Key - Teradata Database

Teradata Database Security Administration

Product: Teradata Database
Release Number: 16.10
Release Date: June 2017
Content Type: Administration, Security
Publication ID: B035-1100-161K
Language: English (United States)

Execute the following procedure on each Teradata Database node and on the Unity server, if used.

  1. Obtain a certificate and key in PEM format, according to your site security policy.
  2. Create a directory called site/ssl/cacerts in the:
    • TDGSS site directory on database nodes.
  3. From within the new directory you created in step 1, create an empty file named clientkey.pem, using the following commands:

    Enter: touch clientkey.pem

    Then enter: chmod 0600 clientkey.pem

  4. Place the key in this file using an editor or the POSIX cat command.
  5. Secure the clientkey.pem file to be read-write for the file owner.

    The resulting clientkey.pem file looks similar to:

    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
  6. OpenSSL does not accept a key in a globally readable file. Use the following commands to prevent unauthorized persons from obtaining the key.
    1. Enter chmod 0400 clientkey.pem
    2. Enter chown gtw-or-unity-user clientkey.pem
    3. Substitute the user name of the Teradata Gateway or Unity user for gtw-or-unity-user.
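
Steps 3 to 6 as a script, with an audit function that confirms the file ends up readable only by its owner. This is an added example, not Teradata's own code: the function names install_key and check_key_file are hypothetical, and it assumes GNU stat on Linux and a caller permitted to chown to the target user.

```shell
#!/bin/sh
# Added example; install_key and check_key_file are hypothetical helper names.
# Assumes GNU coreutils stat (Linux) and a caller allowed to chown to OWNER.

# install_key SRC_PEM KEY_DIR OWNER: steps 3 to 6 of the procedure.
install_key() {
    src=$1; dir=$2; owner=$3
    key="$dir/clientkey.pem"
    ( umask 077                      # never create the file with group/other bits
      touch "$key" &&
      chmod 0600 "$key" &&           # owner read-write while the key is written
      cat "$src" > "$key" &&
      chmod 0400 "$key" &&           # owner read-only once the key is in place
      chown "$owner" "$key" )
}

# check_key_file KEY_PATH OWNER: returns 0 only if the file is in the state
# step 6 leaves behind (no group/other access, expected owner, PEM key header).
check_key_file() {
    key=$1; owner=$2; rc=0
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL: $key is missing or is not a regular file"; return 1
    fi
    mode=$(stat -c '%a' "$key")      # octal permission bits, e.g. 400
    actual=$(stat -c '%U' "$key")    # owning user name
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: mode $mode grants group/other access"; rc=1
    fi
    if [ "$actual" != "$owner" ]; then
        echo "FAIL: owned by $actual, expected $owner"; rc=1
    fi
    if ! head -n 1 "$key" | grep -q -e '^-----BEGIN .*PRIVATE KEY-----$'; then
        echo "FAIL: first line is not a PEM private key header"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $key mode $mode owner $actual"
    return "$rc"
}
```

Source the file, then call install_key with the key obtained in step 1, the directory from step 2 and the Teradata Gateway or Unity user name; run check_key_file on each node afterwards to confirm the result.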