Enabling client authentication for SSL
To exchange certificates and allow only "trusted" clients to use the Talend Runtime Container HTTP service, follow these steps.
- Enable the HTTP client auth support in the Karaf-based Talend Runtime Container.
  When you install the HTTP feature, the container leverages Pax-Web to provide the HTTP OSGi service:
  karaf@trun> feature:install http
- Add a custom etc/org.ops4j.pax.web.cfg file with the following content:
  org.osgi.service.http.port=8181
  org.osgi.service.http.port.secure=9001
  org.osgi.service.http.secure.enabled=true
  org.ops4j.pax.web.ssl.keystore=./etc/keystores/keystore.jks
  org.ops4j.pax.web.ssl.keystore.password=password
  org.ops4j.pax.web.ssl.key.password=password
  #org.ops4j.pax.web.ssl.clientauth.wanted=false
  org.ops4j.pax.web.ssl.clientauth.needed=true
The clientauth.wanted and clientauth.needed properties are valid for Karaf 2.2.x, which uses Pax Web 1.0.x. For more information about the version of Karaf your Talend Runtime Container is based on, see Compatible Apache software and JMS Brokers for Talend ESB.
With clientauth.needed set to true, the server requires every client to present a certificate during the TLS handshake, so the client is "forced" to be trusted; clientauth.wanted would only request a certificate and still accept clients that present none.
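The following is an added check, not part of the Talend documentation or of Pax-Web itself: it parses an org.ops4j.pax.web.cfg file and reports when HTTPS or mandatory client authentication is missing, using the configuration from this page and a constructed weaker variant as sample input. The function and sample names are assumptions made for this example.

```python
"""Lint a Pax-Web configuration (etc/org.ops4j.pax.web.cfg) for the
client-authentication settings described above. Added example; the
property names are the Pax Web 1.0.x keys used on this page."""

# Constructed sample: the hardened configuration shown on this page.
HARDENED_CFG = """
org.osgi.service.http.port=8181
org.osgi.service.http.port.secure=9001
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.keystore=./etc/keystores/keystore.jks
org.ops4j.pax.web.ssl.keystore.password=password
org.ops4j.pax.web.ssl.key.password=password
#org.ops4j.pax.web.ssl.clientauth.wanted=false
org.ops4j.pax.web.ssl.clientauth.needed=true
"""

# Constructed sample: a weak variant that only *wants* a client certificate,
# so clients without one are still accepted.
WEAK_CFG = """
org.osgi.service.http.port=8181
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.keystore=./etc/keystores/keystore.jks
org.ops4j.pax.web.ssl.clientauth.wanted=true
"""


def parse_properties(text):
    """Parse Java-style key=value lines; '#' and '!' lines are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_client_auth(text):
    """Return a list of findings; an empty list means the file enforces
    mutual TLS the way this page intends."""
    p = parse_properties(text)
    findings = []
    if p.get("org.osgi.service.http.secure.enabled") != "true":
        findings.append("HTTPS is not enabled (http.secure.enabled != true)")
    if not p.get("org.ops4j.pax.web.ssl.keystore"):
        findings.append("no keystore configured")
    if p.get("org.ops4j.pax.web.ssl.clientauth.needed") != "true":
        if p.get("org.ops4j.pax.web.ssl.clientauth.wanted") == "true":
            findings.append("clientauth.wanted only asks for a certificate; "
                            "set clientauth.needed=true to require one")
        else:
            findings.append("client authentication is not required")
    return findings
```

Run check_client_auth on the file before restarting the container: the commented-out clientauth.wanted line is ignored, so the hardened sample yields no findings while the weak sample reports the optional client certificate.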