Skip to main content Skip to complementary content

Configure TLS/SSL in Talend Administration Center

Procedure

  1. Create a keystore containing a self signed certificate using the command:
    keytool -genkey -keyalg RSA -alias tac-tomcat -keystore tac-tomcat-keystore.jks -storepass tacadmin -validity 3600 -keysize 2048
  2. Enter the password for your keystore twice, then enter the other optional information, such as your name, the name of your organization, your state and so on, if needed. For example,
    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
    [Unknown]: localhost
    What is the name of your organizational unit?
    [Unknown]: Development
    What is the name of your organization?
    [Unknown]: Talend
    What is the name of your City or Locality?
    [Unknown]: Suresnes
    What is the name of your State or Province?
    [Unknown]: FR
    What is the two-letter country code for this unit?
    [Unknown]: FR
    Is CN=localhost, OU=TAC, O=Talend SA, L=Suresnes, ST=FR, C=FR correct?
    [no]: Y
    Enter key password for (RETURN if same as keystore password):

    Make sure to use the same password for key and file.

  3. Open the following file:
    <TAC_HOME>/apache-tomcat/conf/server.xml
  4. Configure Apache Tomcat to use this keystore by adding the following lines:
    <!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="8443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="conf/tac-tomcat-keystore.jks" keystorePass="tacadmin"
    clientAuth="false" sslProtocol="TLS"/>
  5. Comment the non-SSL part.
    <Connector executor="tomcatThreadPool"
    port="8080" protocol="HTTP/1.1"
    connectionTimeout="20000"
    throwOnFailure="true"
    redirectPort="8443" />
  6. Add the keystore certificate to Apache Tomcat trustore.
    #export certificate into .cert file
    keytool -keystore tac-tomcat-keystore.jks -alias tac-tomcat -export -file tac-tomcat.cert
    #import certificate into jks
    keytool -keystore tac-tomcat-truststore.jks -alias tac-tomcat -import -file tac-tomcat.cert
    This is necessary to avoid the following exception:
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target during user authentication.
  7. Add keystoreFile and keystorePass parameters and values.
  8. Open the following file:
    <TAC_HOME>/apache-tomcat/setenv.sh
  9. Change the line
    set "JAVA_OPTS=$JAVA_OPTS -Xmx4096m -Dfile.encoding=UTF-8"
    with
    set "JAVA_OPTS=$JAVA_OPTS -Xmx4096m -Dfile.encoding=UTF-8 -Djavax.net.ssl.trustStore=$CATALINA_HOME/conf/tac-tomcat-truststore.jks -Djavax.net.ssl.trustStorePassword=tacadmin"
  10. Restart Talend Administration Center.

    Check the Talend Administration Center URL with the following address: https://localhost:8443/org.talend.administrator.

    For more information, see https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!