Skip to main content Skip to complementary content
Qlik Resources
Announcements
Loading SearchUnify's search If you need assistance with your product, please contact Qlik Support.
Qlik Customer Portal
Loading SearchUnify's search If you need assistance with your product, please contact Qlik Support.
Qlik Customer Portal

Setting up Talend JobServer to verify custom Job artifact signatures

Configure Talend JobServer to verify the custom signature of Job artifacts before execution.

If you used the default Talend signature, see Configuring Talend Administration Center and Talend JobServer for default Job artifact signature.

Before you begin

  • The Job artifact to be run must be using custom signatures. For details on signing a Job artifact, see Configuring custom Job artifact signature.
  • The truststore file that contains the CA (Certificate Authority) certificates must be accessible on the Talend JobServer machine at a fixed file path.

    If you use Talend Administration Center to manage Job artifacts, Talend Administration Center also signs the artifacts. Ensure that the Talend JobServer truststore contains the CA certificates for Talend Administration Center.

Procedure

  1. Open the Talend JobServer configuration file in a text editor:
    • Linux: <JobServer_installation>/conf/TalendJobServer.properties
    • Windows: <JobServer_installation>\conf\TalendJobServer.properties
  2. Enable signature verification by setting the following property to true: 
    org.talend.remote.jobserver.commons.config.JobServerConfiguration.SIGNATURE_CHECK_ENABLE=true
  3. Add the following properties: 
    org.talend.remote.jobserver.commons.config.JobServerConfiguration.SIGNATURE_CHECK_KEYSTORE=<path_to_truststore_file>
org.talend.remote.jobserver.commons.config.JobServerConfiguration.SIGNATURE_CHECK_STORE_PASSWORD=<store_password>
org.talend.remote.jobserver.commons.config.JobServerConfiguration.SIGNATURE_CHECK_KEYSTORE_TYPE=<JKS or PKCS12>
org.talend.remote.jobserver.commons.config.JobServerConfiguration.DIGEST_ALGORITHM=<digest_algorithm_from_Studio>
org.talend.remote.jobserver.commons.config.JobServerConfiguration.SIGNATURE_ALGORITHM=<signature_algorithm_from_Studio>
    Information noteImportant: The values of DIGEST_ALGORITHM and SIGNATURE_ALGORITHM must exactly match those configured in Talend Studio and in Talend Administration Center if Talend Administration Center is used. A mismatch prevents Jobs from running.
  4. Save the file.
  5. Restart Talend JobServer for the changes to take effect.
  6. Run a test Job to confirm that signature verification succeeds.

Results

Talend JobServer verifies the signature of each Job artifact before execution.

Troubleshooting:
  • If signature verification fails, the following exception is returned: 
    Job signature check failed
  • When the signing certificate expires, you can set CHECK_SIGNATURE_TIMESTAMP to false to allow Jobs to continue running after the certificate expires. 
    org.talend.remote.jobserver.commons.config.JobServerConfiguration.CHECK_SIGNATURE_TIMESTAMP=false
    By default, this property is set to true, preventing Jobs from running after certificate expiration.

What to do next

To configure Talend Administration Center to verify and sign Job artifacts, see Setting up Talend Administration Center to verify custom Job artifact signatures.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here