Skip to main content

Talend Administration Center configuration for using SSL for the JMX monitoring client

The JMX monitoring client used by Talend Administration Center is configured in a file that needs to be created.

  1. Create a file with the following path and name: <tac_home>/apache-tomcat/webapps/org.talend.administrator/WEB-INF/classes/monitoring_jmx_ssl.properties.
  2. Edit the file and include the following parameters (the default settings are commented out):
    # Set to true to enforce SSL for JMX monitoring client
    org.talend.jmxmp.useSSL=true
    # Set to true to enforce certificate based client authentication for JMX monitoring server
    org.talend.jmxmp.ssl.authenticate=true
    
    org.talend.jmxmp.ssl.keyStore=<path_to_monitoring_client_keystore>
    org.talend.jmxmp.ssl.keyStorePassword=<monitoring_client_keystore_password>
    #org.talend.jmxmp.ssl.keyStoreType=JKS
        
    org.talend.jmxmp.ssl.trustStore=<path_to_monitoring_client_truststore>
    org.talend.jmxmp.ssl.trustStorePassword=<monitoring_client_truststore_password>
    #org.talend.jmxmp.ssl.trustStoreType=JKS
    
    #org.talend.jmxmp.ssl.enabled.protocols=TLS
    #org.talend.jmxmp.ssl.enabled.cipher.suites=<comma separated list of enabled cipher suites>

    It is very similar to the configuration on the server side. The keystore is only used if certificate based client authentication is configured for the JMX monitoring server. In this case the keystore is mandatory. Otherwise the client cannot be authenticated.

    The truststore must correspond to the keystore on the server side and the keystore needs to correspond to the truststore on the server side (if needed). If the truststore is undefined, the client trusts any monitoring server.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!