Skip to main content Skip to complementary content

Generating an SSL certificate

To configure Talend Data Stewardship to run securely using the Secure Sockets Layer (SSL) protocol, you need to start by generating a trusted signed certificate.

To be used in the visitors browsers without warnings, the certificate has to be cryptographically signed and delivered by a Certificate Authority (CA).

For development and testing purposes only, a self-signed certificate can be created by using the Java provided tool (keytool). However, these types of certificates are not suitable for production use.

To use such a certificate, follow the steps:

Procedure

  1. Generate an SSL certificate using the following command:
    keytool -genkey -alias <alias> -keyalg <keyalg> -keypass <keypass> -storepass <storepass> -keystore <keystore>.jks
    Where:
    • <alias> is the alias name of your choice. It sets the alias name for the certificate.
    • <keyalg> is the algorithm of your certificate. RSA for example.
    • <keypass> is your key password.
    • <storepass> is your keystore password.
    • <keystore> is the name of keystore file. It stores the certificate in the keystore file and, if not created before, generates a new keystore in the current folder. Talend Data Stewardship only supports the Java Key Store (.jks) format to store keys and certificates.
  2. Export the certificate to the current folder using the following command:
    keytool -exportcert -alias <alias> -storepass <storepass> -file <certificate>.cer -keystore <keystore>.jks
  3. Import the certificate into your JVM as an administrator using the following command:
    keytool -importcert -trustcacerts -file <current_folder>/<certificate>.cer -alias <alias> -keystore <java_folder>/lib/security/cacerts
    Unless previously changed, the password set by Java to access the cacerts file is the same as initially defined.
  4. You may want to verify the Java keystore using the following command:
    keytool -list -keystore <java_folder>/lib/security/cacerts
    You can also list the keys:
    keytool -list -v -keystore <java_folder>/lib/security/cacerts

Results

The certificate is imported into the JVM.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!