
Client SSL configuration for Talend JobServer

Both Talend JobServer clients (Talend Administration Center and Talend Studio) support new system properties that specify the client keystore and truststore.

For Talend Studio, it is recommended to specify these system properties in studio/Talend-Studio-linux-gtk-x86_64.ini or studio/Talend-Studio-gtk-aarch64.ini:

-Dorg.talend.remote.client.ssl.keyStore=<path_to_jobserver_client_keystore>
-Dorg.talend.remote.client.ssl.keyStorePassword=<jobserver_client_keystore_password>
-Dorg.talend.remote.client.ssl.trustStore=<path_to_jobserver_client_truststore>
-Dorg.talend.remote.client.ssl.trustStorePassword=<jobserver_client_truststore_password>
-Dorg.talend.remote.client.ssl.enabled.protocols=TLSv1.2,TLSv1.3
-Dorg.talend.remote.client.ssl.disablePeerTrust=false

Note: From version 7.2.x, peer trust is enabled by default with the -Dorg.talend.remote.client.ssl.disablePeerTrust=false property. To disable peer trust, set this property to true.

For Talend Administration Center, you can use tac/apache-tomcat/bin/setenv.sh to extend the JAVA_OPTS specification:

export JAVA_OPTS="$JAVA_OPTS -Xmx2048m -Dfile.encoding=UTF-8 -Dorg.talend.remote.client.ssl.keyStore=..."

The client keystore is used for certificate-based client authorization and must correspond to the truststore configured on the server side.

However, if org.talend.remote.server.ssl.authenticate=false is set in jobserver/agent/conf/TalendJobServer.properties, certificate-based client authorization is switched off and the client keystore has no effect.

The client truststore must correspond to the keystore configured on the server side. If no truststore is specified on the client side, the client trusts every server.
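
A check for the settings above, as an added example (not Talend's own tooling): the shell function below reads a Studio .ini or setenv.sh file and reports a missing truststore, disabled peer trust, protocols other than the TLSv1.2,TLSv1.3 value shown on this page, and clear-text store passwords in a world-readable file. The function names, the sample file contents and the use of the page's protocol value as an allow-list are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a Studio .ini or Tomcat setenv.sh for the
# org.talend.remote.client.ssl.* properties listed on this page.

# Print the value of one client SSL property in file $1 (last occurrence wins).
ssl_prop() {
    grep -o -e "-Dorg\.talend\.remote\.client\.ssl\.$2=[^[:space:]\"']*" "$1" |
        tail -n 1 | cut -d= -f2-
}

# Print one line per finding; return 1 if there is any finding, else 0.
audit_talend_client_ssl() {
    file=$1
    findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # No truststore: per the page, the client then trusts every server.
    if [ -z "$(ssl_prop "$file" trustStore)" ]; then
        flag "no trustStore set; client trusts every server"
    fi
    # Peer trust is on by default (false); an explicit true turns it off.
    if [ "$(ssl_prop "$file" disablePeerTrust)" = "true" ]; then
        flag "disablePeerTrust=true; peer trust is disabled"
    fi
    # Assumption: treat the page's sample value (TLSv1.2,TLSv1.3) as the allow-list.
    for proto in $(ssl_prop "$file" enabled.protocols | tr ',' ' '); do
        case $proto in
            TLSv1.2|TLSv1.3) ;;
            *) flag "enabled.protocols includes $proto" ;;
        esac
    done
    # Store passwords sit in this file in clear text; it should not be world-readable.
    if grep -q -e "-Dorg\.talend\.remote\.client\.ssl\..*StorePassword=" "$file" &&
        [ -n "$(find "$file" -prune -perm -004)" ]; then
        flag "store passwords present and file is world-readable"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample (not from a real installation): run the audit on it.
sample=$(mktemp)
printf '%s\n' '-Dorg.talend.remote.client.ssl.keyStore=/opt/ks.jks' \
    '-Dorg.talend.remote.client.ssl.enabled.protocols=TLSv1.1,TLSv1.2' \
    '-Dorg.talend.remote.client.ssl.disablePeerTrust=true' > "$sample"
audit_talend_client_ssl "$sample" || true
rm -f "$sample"
```

Call the function with the path to the Studio .ini file or to tac/apache-tomcat/bin/setenv.sh; a non-zero return status means at least one finding was printed.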
