16.20 - Creating Keystore Files on the Ecosystem Manager Client - Teradata Ecosystem Manager

Teradata® Ecosystem Manager Installation, Configuration, and Upgrade Guide for Customers

prodname: Teradata Ecosystem Manager
vrm_release: 16.20
category: Installation, Configuration
featnum: B035-3203-107K-CHS
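Perform the following tasks on the Ecosystem Manager client and on every client that needs to use the SSL configuration. If multiple clients point to the Ecosystem Manager server, add <hostname-of-EM-client> as a suffix or prefix to the keystore and truststore files generated on each client.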
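  1. Create and navigate to a folder named /home/em to hold the keystore files.
  2. Create the certificate/keystore for the active and standby Ecosystem Manager servers: keytool -genkey -alias <hostname-of-EM-client> -keyalg RSA -keystore server.ks
    The system prompts for the following information: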
    Enter your keystore password:
    What is your first and last name?
    [Unknown]:
    What is the name of your organizational unit?
    [Unknown]:
    What is the name of your City or Locality?
    [Unknown]:
    What is the name of your State or Province?
    [Unknown]:
    What is the two-letter country code for this unit:
    [Unknown]:
    Is CN-Unknown, OU=Unknown, O=Unknown, ST=Unknown, C=Unknown correct?
    [no]: yes
    Enter key password for <hostname-of-EM-client>
    (RETURN if same as keystore password):
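    Make sure the keystore file is created on all participating EM client systems.
  3. Copy the broker_cert1 and broker_cert2 files from the Ecosystem Manager servers to the client, then run the following command on the client: keytool -import -alias <hostname-of-EM-server1 or 2> -keystore client.ts -file broker_cert

    Replace <hostname-of-EM-server1> with the hostname of the active EM server, and <hostname-of-EM-server2> with the hostname of the standby EM server.

  4. Use the same password that was used to create the broker key file.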
    Enter keystore password:
    Re-enter new password:
    Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
    Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
    Serial number: 300263d1
    Valid from: Tue Jun 23 18:18:11 UTC 2015 until: Mon Sep 21 18:18:11 UTC 2015
    Certificate fingerprints:
             MD5:  C1:1C:8C:C0:9B:A5:42:60:A0:A8:CC:CF:62:65:52:0D
             SHA1: 43:79:D8:32:AD:F2:B0:F9:3A:F6:96:FE:8E:F3:BE:13:71:6B:6B:F2
             SHA256: 83:23:00:9F:4B:19:01:1A:1E:21:78:72:9E:2D:E5:C2:C6:04:9C:1C:58:64:2C:A3:C3:C4:CE:CF:0C:07:0D:D2
             Signature algorithm name: SHA256withRSA
             Version: 3
    
    Extensions:
    
    #1: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 83 75 6D 0E A2 76 EE 16   84 09 13 40 AF F4 88 8A  .um..v.....@....
    0010: 50 65 D2 03                                        Pe..
    ]
    ]
    
    Trust this certificate? [no]:  yes
    Certificate was added to keystore
    
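    This creates a truststore and sets the client to trust the broker.
  5. For both Ecosystem Manager servers, export the client's certificate so that it can be shared with the broker: keytool -export -alias <hostname-of-EM-client> -keystore client.ks -file client_cert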
    Enter keystore password:
    Certificate stored in file <client_cert>
    
    Make sure the client_cert file has been created.
  6. Copy client_certificate to the Ecosystem Manager servers.
  7. Grant 777 access permissions to /home/em and all of its files.
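
Step 3 ends at a "Trust this certificate?" prompt, and because the broker certificate in the listing is self-signed (Owner equals Issuer) and valid for only 90 days, the fingerprint and expiry date are the things to check before answering yes. The script below is an added example, not part of the Teradata guide: it parses `keytool -printcert` output and compares the SHA256 fingerprint with a value received from the server administrator through a separate channel. The function names and the EXPECTED variable are assumptions of this example, and the sample input is constructed from the listing on this page.

```shell
#!/bin/sh
# Constructed sample: `keytool -printcert -file broker_cert` output, abridged
# from the certificate details shown in the listing on this page.
sample_printcert() {
cat <<'EOF'
Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Serial number: 300263d1
Valid from: Tue Jun 23 18:18:11 UTC 2015 until: Mon Sep 21 18:18:11 UTC 2015
Certificate fingerprints:
         SHA1: 43:79:D8:32:AD:F2:B0:F9:3A:F6:96:FE:8E:F3:BE:13:71:6B:6B:F2
         SHA256: 83:23:00:9F:4B:19:01:1A:1E:21:78:72:9E:2D:E5:C2:C6:04:9C:1C:58:64:2C:A3:C3:C4:CE:CF:0C:07:0D:D2
EOF
}

# Read keytool output on stdin; print the SHA256 fingerprint as bare uppercase hex.
cert_sha256() {
  sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1 | tr -d ': \r' | tr 'a-f' 'A-F'
}

# Read keytool output on stdin; print the expiry date (the "until:" part).
cert_not_after() {
  sed -n 's/^Valid from: .* until: //p' | head -n 1
}

# Read keytool output on stdin; succeed when Owner equals Issuer (self-signed).
is_self_signed() {
  awk '/^Owner: /  { sub(/^Owner: /, "");  o = $0 }
       /^Issuer: / { sub(/^Issuer: /, ""); i = $0 }
       END { exit !(o != "" && o == i) }'
}

# verify_fingerprint EXPECTED < keytool-output
# EXPECTED is the SHA256 value read from the original certificate on the server
# and passed on through a separate channel (assumption of this example).
verify_fingerprint() {
  expected=$(printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F')
  actual=$(cert_sha256)
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Demo on the constructed sample. Real use:
#   keytool -printcert -file broker_cert | verify_fingerprint "$EXPECTED"
EXPECTED="83:23:00:9f:4b:19:01:1a:1e:21:78:72:9e:2d:e5:c2:c6:04:9c:1c:58:64:2c:a3:c3:c4:ce:cf:0c:07:0d:d2"
if sample_printcert | verify_fingerprint "$EXPECTED"; then
  echo "fingerprint matches; certificate expires $(sample_printcert | cert_not_after)"
else
  echo "fingerprint mismatch: answer no at the trust prompt" >&2
fi
```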