
Configure TLS/SSL in Talend Administration Center

Procedure

  1. Create a keystore containing a self-signed certificate using the command:
    keytool -genkey -keyalg RSA -alias tac-tomcat -keystore tac-tomcat-keystore.jks -storepass tacadmin -validity 3600 -keysize 2048
  2. Enter the password for your keystore twice, then enter the other optional information, such as your name, the name of your organization, your state, and so on, if needed. For example:
    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
    [Unknown]: localhost
    What is the name of your organizational unit?
    [Unknown]: Development
    What is the name of your organization?
    [Unknown]: Talend
    What is the name of your City or Locality?
    [Unknown]: Suresnes
    What is the name of your State or Province?
    [Unknown]: FR
    What is the two-letter country code for this unit?
    [Unknown]: FR
    Is CN=localhost, OU=TAC, O=Talend SA, L=Suresnes, ST=FR, C=FR correct?
    [no]: Y
    Enter key password for (RETURN if same as keystore password):

    Make sure to use the same password for the key and the keystore file.

  3. Open the following file:
    <TAC_HOME>/apache-tomcat/conf/server.xml
  4. Configure Apache Tomcat to use this keystore by adding the following lines. Make sure that certificateKeystoreFile points to the location of the keystore you created:
    <!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        port="8443" maxThreads="150"
        SSLEnabled="true"
        maxParameterCount="1000">
      <SSLHostConfig>
        <Certificate
            certificateKeystoreFile="${user.home}/.keystore"
            certificateKeystorePassword="tacadmin"
            type="RSA"
        />
      </SSLHostConfig>
    </Connector>
  5. Comment out the non-SSL part.
    <Connector executor="tomcatThreadPool"
    port="8080" protocol="HTTP/1.1"
    connectionTimeout="20000"
    throwOnFailure="true"
    redirectPort="8443" />
  6. Add the keystore certificate to the Apache Tomcat truststore.
    # Export the certificate into a .cert file
    keytool -keystore tac-tomcat-keystore.jks -alias tac-tomcat -export -file tac-tomcat.cert
    # Import the certificate into the truststore JKS
    keytool -keystore tac-tomcat-truststore.jks -alias tac-tomcat -import -file tac-tomcat.cert
    This is necessary to avoid the following exception during user authentication:
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  7. Open the following file:
    <TAC_HOME>/apache-tomcat/bin/setenv.sh
  8. Replace the line
    set "JAVA_OPTS=$JAVA_OPTS -Xmx4096m -Dfile.encoding=UTF-8"
    with
    set "JAVA_OPTS=$JAVA_OPTS -Xmx4096m -Dfile.encoding=UTF-8 -Djavax.net.ssl.trustStore=$CATALINA_HOME/conf/tac-tomcat-truststore.jks -Djavax.net.ssl.trustStorePassword=tacadmin"
  9. Restart Talend Administration Center.

    Check that Talend Administration Center is reachable at the following address: https://localhost:8443/org.talend.administrator.

    For more information, see https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html.
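
A way to check the result of steps 4 and 5 before restarting, as an added example that is not part of the Talend documentation: the script parses a server.xml and reports a plain HTTP connector that is still active, a TLS connector without a certificate, and a certificateKeystoreFile that does not point to the keystore created in step 1. The function name audit_server_xml, the sample server.xml content, the placeholder password and the keystore location conf/tac-tomcat-keystore.jks are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

def audit_server_xml(xml_text, expected_keystore="tac-tomcat-keystore.jks"):
    """Return a list of findings for the connectors in a Tomcat server.xml."""
    findings = []
    root = ET.fromstring(xml_text)  # commented-out connectors are dropped by the parser
    tls_seen = False
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("protocol", "").startswith("AJP"):
            continue  # AJP connectors are outside this procedure
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append(f"port {port}: plain HTTP connector still active (step 5)")
            continue
        tls_seen = True
        certs = conn.findall("./SSLHostConfig/Certificate")
        if not certs:
            findings.append(f"port {port}: SSLEnabled but no <Certificate> element")
        for cert in certs:
            path = cert.get("certificateKeystoreFile", "")
            if not path.endswith(expected_keystore):
                findings.append(
                    f"port {port}: keystore is '{path}', expected {expected_keystore}")
    if not tls_seen:
        findings.append('no connector with SSLEnabled="true"')
    return findings

# Constructed sample server.xml, reduced to the connectors this procedure touches.
TEMPLATE = """<Server><Service name="Catalina">
{plain}
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="150" SSLEnabled="true" maxParameterCount="1000">
  <SSLHostConfig>
    <Certificate certificateKeystoreFile="{keystore}"
                 certificateKeystorePassword="placeholder-password" type="RSA" />
  </SSLHostConfig>
</Connector>
</Service></Server>"""
PLAIN = ('<Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" '
         'connectionTimeout="20000" redirectPort="8443" />')

# Step 5 not applied yet, keystore path as shown in step 4.
BEFORE = TEMPLATE.format(plain=PLAIN, keystore="${user.home}/.keystore")
# Step 5 applied; the keystore location under conf/ is an assumed path.
AFTER = TEMPLATE.format(plain="<!-- " + PLAIN + " -->",
                        keystore="conf/tac-tomcat-keystore.jks")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_server_xml(text) or "no findings")
```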
