
Talend JobServer configuration for using SSL for the JMX monitoring server

The JMX-based monitoring server is started together with the Talend JobServer using <jobserver_home>/start_rs.sh. Its configuration is in <jobserver_home>/conf/TalendJobServer.properties. To configure SSL for the monitoring server, add the following configuration parameters (the default settings are commented out):

# Set to true to enforce SSL for JMX monitoring server
org.talend.jmxmp.useSSL=true
# Set to true to enforce certificate based client authentication for JMX monitoring server
org.talend.jmxmp.ssl.authenticate=true

org.talend.jmxmp.ssl.keyStore=<path_to_monitoring_server_keystore>
org.talend.jmxmp.ssl.keyStorePassword=<monitoring_server_keystore_password>
#org.talend.jmxmp.ssl.keyStoreType=JKS
    
org.talend.jmxmp.ssl.trustStore=<path_to_monitoring_server_truststore>
org.talend.jmxmp.ssl.trustStorePassword=<monitoring_server_truststore_password>
#org.talend.jmxmp.ssl.trustStoreType=JKS

#org.talend.jmxmp.ssl.enabled.protocols=TLSv1.2,TLSv1.3
#org.talend.jmxmp.ssl.enabled.cipher.suites=<comma separated list of enabled cipher suites>

A list of valid ciphers may be found in the section Disabling some SSL ciphers (optional) in the Talend Installation Guide.

The protocol defaults to TLSv1.2. Alternatively, you may specify TLSv1.3.

Note: The TLS protocol definition depends on your JDK or Java version. Refer to the JDK documentation for details.

The truststore is only needed for certificate-based client authentication for the JMX monitoring server. It must correspond to the keystore specified in the monitoring client. If org.talend.jmxmp.ssl.authenticate=true, the truststore is mandatory; without it, the Talend Administration Center client cannot be authenticated.

The keystore defined here is mandatory for SSL and must correspond to the truststore specified in the monitoring client. You may use the same truststore and keystore in the monitoring server and the client, but this is not recommended for production environments.
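The rules above can be checked mechanically before the JobServer is restarted. The following Python script is an added example, not part of the Talend documentation or product; it assumes a simplified properties parser (no line continuations), and the file paths in the sample are constructed.

```python
import re

PREFIX = "org.talend.jmxmp."
PAGE_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}  # the only protocol values this page names

def parse_properties(text):
    """Simplified .properties parser: key=value lines, #/! comments, no continuations."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return (level, message) findings for the JMX SSL settings; [] means none."""
    props = parse_properties(text)
    get = lambda name: props.get(PREFIX + name, "")
    on = lambda name: get(name).lower() == "true"
    findings = []
    # A value still written as <...> is a template placeholder that was never filled in.
    for key, value in props.items():
        if key.startswith(PREFIX) and re.fullmatch(r"<.*>", value):
            findings.append(("error", f"{key} still holds a placeholder"))
    if not on("useSSL"):
        findings.append(("error", "useSSL is not true: SSL is not enforced"))
    elif not get("ssl.keyStore"):
        findings.append(("error", "ssl.keyStore is mandatory for SSL"))
    if not on("ssl.authenticate"):
        findings.append(("warn", "ssl.authenticate is not true: client certificates are not enforced"))
    elif not get("ssl.trustStore"):
        findings.append(("error", "ssl.trustStore is mandatory when ssl.authenticate=true"))
    for proto in get("ssl.enabled.protocols").replace(" ", "").split(","):
        if proto and proto not in PAGE_PROTOCOLS:
            findings.append(("warn", f"protocol {proto} is not TLSv1.2 or TLSv1.3"))
    return findings

# Constructed sample: truststore left commented out, password placeholder, legacy protocol.
SAMPLE = """\
org.talend.jmxmp.useSSL=true
org.talend.jmxmp.ssl.authenticate=true
org.talend.jmxmp.ssl.keyStore=/opt/jobserver/conf/jmx-server.jks
org.talend.jmxmp.ssl.keyStorePassword=<monitoring_server_keystore_password>
#org.talend.jmxmp.ssl.trustStore=/opt/jobserver/conf/jmx-trust.jks
org.talend.jmxmp.ssl.enabled.protocols=TLSv1,TLSv1.2
"""

if __name__ == "__main__":
    print("\n".join(f"{level}: {message}" for level, message in audit(SAMPLE)))
```

To audit a real installation, pass the contents of <jobserver_home>/conf/TalendJobServer.properties to audit() instead of SAMPLE.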

Note: <jobserver_home>/start_jconsole.sh does not work with SSL, because JConsole cannot connect remotely using SSL via the jmxmp protocol. However, inside JConsole you can connect to the local JobServer process, which provides the same information and MBeans.
