Configuration of Talend JobServer to use SSL for the JMX monitoring server

The JMX based monitoring server is started together with the Talend JobServer using <jobserver_home>/start_rs.sh. Its configuration is in <jobserver_home>/conf/TalendJobServer.properties. To configure SSL for the monitoring server, you need to add the following configuration parameters (the default settings are commented out):

# Set to true to enforce SSL for JMX monitoring server
org.talend.jmxmp.useSSL=true
# Set to true to enforce certificate based client authentication for JMX monitoring server
org.talend.jmxmp.ssl.authenticate=true

org.talend.jmxmp.ssl.keyStore=<path_to_monitoring_server_keystore>
org.talend.jmxmp.ssl.keyStorePassword=<monitoring_server_keystore_password>
#org.talend.jmxmp.ssl.keyStoreType=JKS
    
org.talend.jmxmp.ssl.trustStore=<path_to_monitoring_server_truststore>
org.talend.jmxmp.ssl.trustStorePassword=<monitoring_server_truststore_password>
#org.talend.jmxmp.ssl.trustStoreType=JKS

#org.talend.jmxmp.ssl.enabled.protocols=TLSv1.2,TLSv1.3
#org.talend.jmxmp.ssl.enabled.cipher.suites=<comma separated list of enabled cipher suites>

A list of valid ciphers may be found in the section Disabling some SSL ciphers (optional).

Protocol defaults to TLSv1.2. Alternatively you may specify TLSv1.3.

The truststore is only needed for certificate based client authentication for the JMX monitoring server. It must correspond to the keystore specified in the monitoring client. If org.talend.jmxmp.ssl.authenticate=true, the truststore is mandatory. Otherwise the Talend Administration Center client cannot be authenticated.

The keystore defined here is mandatory for SSL and must correspond to the truststore specified in the monitoring client. You may use the same truststore and keystore in the monitoring server and the client, but this is not recommended for production environments.