Configuration of Talend Administration Center to use SSL for the JMX monitoring client

The JMX monitoring client used by Talend Administration Center is configured in a file that you create.

Procedure

Create a file with the following path and name: <tac_home>/apache-tomcat/webapps/org.talend.administrator/WEB-INF/classes/monitoring_jmx_ssl.properties.
Edit the file and include the following parameters (the default settings are commented out):
```
# Set to true to enforce SSL for JMX monitoring client
org.talend.jmxmp.useSSL=true

org.talend.jmxmp.ssl.keyStore=<path_to_monitoring_client_keystore>
org.talend.jmxmp.ssl.keyStorePassword=<monitoring_client_keystore_password>
#org.talend.jmxmp.ssl.keyStoreType=JKS
    
org.talend.jmxmp.ssl.trustStore=<path_to_monitoring_client_truststore>
org.talend.jmxmp.ssl.trustStorePassword=<monitoring_client_truststore_password>
#org.talend.jmxmp.ssl.trustStoreType=JKS

#org.talend.jmxmp.ssl.enabled.protocols=TLSv1.2,TLSv1.3
#org.talend.jmxmp.ssl.enabled.cipher.suites=<comma separated list of enabled cipher suites>
```
It is very similar to the configuration on the server side. The keystore is only used if certificate based client authentication is configured for the JMX monitoring server. In this case the keystore is mandatory. Otherwise the client cannot be authenticated.

The truststore must correspond to the keystore on the server side and the keystore needs to correspond to the truststore on the server side (if needed). If the truststore is undefined, the client trusts any monitoring server.

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!