Setting Up Self-Signed Keys and Certificates - Data Stream Architecture - Data Stream Extensions

Data Stream Extensions Installation, Configuration, and Upgrade Guide for Customers

Product: Data Stream Architecture, Data Stream Extensions
Release Number: 15.11
Published: August 2016
Language: English (United States)
Last Update: 2018-04-17
dita:id: B035-3151
lifecycle: previous
Product Category: Software, Teradata Tools and Utilities

You must create self-signed keys and set up certificates for your SSL environment.
  1. Use the ssl_setup_cert_wrapper.sh script to create self-signed keys and certificates in the ActiveMQ directory. The script is located on the DSC server in the $DSA_DSC_ROOT directory.

    Script usage is ssl_setup_cert_wrapper.sh [-h] [-C] [-a activemq_dir], where:

    Option  Description
    -h      Displays help information.
    -C      Cleans up the configuration files in the specified ActiveMQ directory.
    -a      Specifies the directory where ActiveMQ is installed.
  2. Type the following at the prompts:
    Option               Description
    Directory            Full path to ActiveMQ directory
                         /opt/teradata/tdactivemq/apache-activemq-5.6.0
    ActiveMQ Broker URL  Host name of the ActiveMQ broker
    Organizational Unit  Used to generate a unique key
    Organization         Used to generate a unique key
    City                 Used to generate a unique key
    State                Used to generate a unique key
    Country              Used to generate a unique key
    Keystore Password    Keystore password for both broker and client keystores.
    ActiveMQ restarts after certificates are created.
    Certificates are created in: /opt/teradata/tdactivemq/apache-activemq-5.6.0/conf
  3. Copy files client.pem and client-keystore.pem and preserve file permissions as follows:
    1. For all Teradata Database systems and TPA nodes in the DSA environment, type: #cp -p <file_name> /etc/opt/teradata/tdconfig
    2. For DSA media servers (anywhere ClientHandler is installed), type: #cp -p <file_name> /etc/opt/teradata/dsa/
  4. Copy client.ts to the systems where DSC or BARCmdline are installed and preserve file permissions by typing: #cp -p <file_name> /etc/opt/teradata/dsa
    Certificates are valid for 20 years.
  5. Enable JMS SSL on the BAR portlets by installing the client.pem certificate on the Viewpoint portlet:
    Make sure the client.pem certificate is accessible on your computer.
    1. From the Teradata Viewpoint portal page, click .
    2. Open the Certificates portlet.
    3. From the SETUP list, click Certificate Authority.
    4. Click Install Certificate.
    5. Enter an alias for the Certificate Authority, up to 30 characters.
    6. Click Browse and select the client.pem certificate.
    7. Click Install.
    8. Run the BAR portlet SSL script on the Viewpoint server: BARPortlets.15.11.00.00/barportlets_ssl_setup.sh ssl
      The script is included with the BAR portlet package.
    9. If the SSL port is different from the TCP port, update the broker.port property in the following properties files: barportlet.properties
    10. Restart the Viewpoint portlet.
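
A check for the copies made in steps 3 and 4, as an added example that is not part of the DSA package: it confirms that each copied file has the same bytes and the same permission bits as the original in the ActiveMQ conf directory. The function names and the script name are hypothetical, and it assumes both directories are readable from the host where it runs and, for show_cert, that openssl is installed.

```sh
#!/bin/sh
# Added example, not part of the DSA package. Function names are hypothetical.

# mode_of FILE: print the nine permission characters, e.g. rw-r-----
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# verify_copy SRC DST: succeed only if DST has the same bytes and mode as SRC
verify_copy() {
    src=$1; dst=$2
    [ -f "$src" ] || { echo "MISSING source: $src"; return 2; }
    [ -f "$dst" ] || { echo "MISSING copy: $dst"; return 2; }
    if ! cmp -s "$src" "$dst"; then
        echo "CONTENT differs: $dst"; return 1
    fi
    if [ "$(mode_of "$src")" != "$(mode_of "$dst")" ]; then
        echo "MODE differs: $dst is $(mode_of "$dst"), source is $(mode_of "$src")"
        return 1
    fi
    echo "OK: $dst ($(mode_of "$dst"))"
}

# verify_node CONF_DIR DEST_DIR FILE...: check every named file, report all failures
verify_node() {
    conf=$1; dest=$2; shift 2
    rc=0
    for f in "$@"; do
        verify_copy "$conf/$f" "$dest/$f" || rc=1
    done
    return $rc
}

# show_cert FILE: subject, expiry date and SHA-256 fingerprint of a PEM certificate
show_cert() {
    openssl x509 -in "$1" -noout -subject -enddate -fingerprint -sha256
}

# Run only when arguments are given, e.g.:
#   sh verify_certs.sh /opt/teradata/tdactivemq/apache-activemq-5.6.0/conf \
#       /etc/opt/teradata/dsa client.pem client-keystore.pem
if [ "$#" -ge 3 ]; then
    verify_node "$@"
fi
```

Running show_cert on client.pem before installing it in Viewpoint gives a fingerprint and expiry date to record, which matters for certificates that stay valid for 20 years.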