Enabling client authentication for SSL

To exchange certificates and allow only "trusted" clients to use the Talend Runtime Container HTTP service, follow these steps.

  1. Enable the HTTP client auth support in the Karaf-based Talend Runtime Container.

    When you install the HTTP feature, the container leverages Pax-Web to provide the HTTP OSGi service:

    karaf@trun> feature:install http
  2. Add a custom etc/org.ops4j.pax.web.cfg file with the following content:

    org.osgi.service.http.port=8181
    
    org.osgi.service.http.port.secure=9001
    org.osgi.service.http.secure.enabled=true
    org.ops4j.pax.web.ssl.keystore=./etc/keystores/keystore.jks
    org.ops4j.pax.web.ssl.keystore.password=password
    org.ops4j.pax.web.ssl.key.password=password
    #org.ops4j.pax.web.ssl.clientauth.wanted=false
    org.ops4j.pax.web.ssl.clientauth.needed=true

    The clientauth.wanted and clientauth.needed properties are valid for Karaf 2.2.x, which uses Pax Web 1.0.x. For more information about the version of Karaf your Talend Runtime Container is based on, see Compatible Apache software and JMS Brokers for Talend ESB.

    With the clientauth.needed property set to true, the client is "forced" to be trusted: the SSL handshake fails unless the client presents a certificate that the container trusts.
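
To confirm that a deployed configuration actually enforces client certificates, the following added example (not Talend or Pax Web code) audits an etc/org.ops4j.pax.web.cfg file using the property names shown above. The function names prop and audit_paxweb_clientauth and the sample file are constructed for illustration; the script treats clientauth.wanted as a request for a certificate that does not reject clients without one.

```shell
#!/bin/sh
# Added example (not Talend or Pax Web code): audit a Pax Web cfg file for
# enforced client-certificate authentication, using the property names above.

# prop FILE KEY: print the last uncommented value of KEY in a properties file.
prop() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }                 # commented-out settings do not count
        index($0, "=") > 0 {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == k) found = val
        }
        END { print found }' "$1"
}

# Returns 0 if a client certificate is required, 1 if it is optional or
# not requested, 2 if the secure connector itself is disabled.
audit_paxweb_clientauth() {
    secure=$(prop "$1" org.osgi.service.http.secure.enabled)
    needed=$(prop "$1" org.ops4j.pax.web.ssl.clientauth.needed)
    wanted=$(prop "$1" org.ops4j.pax.web.ssl.clientauth.wanted)
    if [ "$secure" != "true" ]; then
        echo "FAIL: org.osgi.service.http.secure.enabled is not true"; return 2
    fi
    if [ "$needed" = "true" ]; then
        echo "OK: clientauth.needed=true, handshake requires a client certificate"; return 0
    fi
    if [ "$wanted" = "true" ]; then
        echo "WARN: clientauth.wanted only requests a certificate; clients without one still connect"
    else
        echo "FAIL: no client authentication configured"
    fi
    return 1
}

# Constructed sample: client auth merely "wanted", "needed" commented out.
demo=$(mktemp)
cat > "$demo" <<'EOF'
org.osgi.service.http.port.secure=9001
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.clientauth.wanted=true
#org.ops4j.pax.web.ssl.clientauth.needed=true
EOF
audit_paxweb_clientauth "$demo" || true
rm -f "$demo"
```

Run against the constructed sample, the script prints the WARN line, because a commented-out clientauth.needed line has no effect.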
