Create the trusted client certificate - 7.3

Talend ESB Container Administration Guide

Version: 7.3
Language: English
Product: Talend Cloud, Talend Data Fabric, Talend Data Services Platform, Talend ESB, Talend MDM Platform, Talend Open Studio for ESB, Talend Real-Time Big Data Platform
Module: Talend ESB, Talend Runtime
Content: Administration and Monitoring, Design and Development, Installation and Upgrade
Last publication date: 2023-09-13

About this task

You will use keytool (provided with the JDK) to manage the keys and certificates.

Procedure

  1. Create two key pairs:
    • one for the server side (used for SSL),

    • one as an example of the client side (used for "trust"; this should be performed for each client, on the client side).

    mkdir -p etc/keystores
    cd etc/keystores
    keytool -genkey -keyalg RSA -validity 365 -alias serverkey -keypass password -storepass password -keystore keystore.jks
    keytool -genkey -keyalg RSA -validity 365 -alias clientkey -keypass password -storepass password -keystore client.jks
    These keys are self-signed. In a production system, you should use a Certificate Authority (CA).
  2. Export the client certificate and import it into the server keystore:
    keytool -export -rfc -keystore client.jks -storepass password -alias clientkey -file client.cer
    keytool -import -trustcacerts -keystore keystore.jks -storepass password -alias clientkey -file client.cer
  3. Check that the client certificate is trusted in our keystore:
    keytool -list -v -keystore keystore.jks
    ...
    Alias name: clientkey
    Creation date: Dec 12, 2012
    Entry type: trustedCertEntry
    ...
  4. You can now remove the client.cer certificate.
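
The check in step 3 can be scripted. The following is an added example, not part of the Talend documentation: it parses `keytool -list -v` output (English-locale labels assumed) and confirms that the client alias is stored as a trustedCertEntry rather than a PrivateKeyEntry. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse `keytool -list -v` output (English-locale labels assumed).
# list_entries prints one line per keystore entry: alias|entry type|issuer kind
list_entries() {
    awk '
        function emit() {
            if (alias == "") return
            kind = (owner == "") ? "unknown" : (owner == issuer ? "self-signed" : "ca-issued")
            print alias "|" type "|" kind
        }
        /^Alias name: / { emit(); alias = substr($0, 13); type = owner = issuer = "" }
        /^Entry type: / { type = substr($0, 13) }
        /^Owner: /      { if (owner == "")  owner  = substr($0, 8) }
        /^Issuer: /     { if (issuer == "") issuer = substr($0, 9) }
        END { emit() }
    '
}

# is_trusted_cert ALIAS: succeeds only if ALIAS is present as a trustedCertEntry,
# i.e. the keystore holds that party's certificate and not its private key.
is_trusted_cert() {
    list_entries | awk -F'|' -v a="$1" '
        $1 == a { found = 1; ok = ($2 == "trustedCertEntry") }
        END { exit !(found && ok) }'
}

# Constructed sample of the listing from step 3 (not real keytool output).
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Your keystore contains 2 entries

Alias name: clientkey
Creation date: Dec 12, 2012
Entry type: trustedCertEntry

Owner: CN=client, O=Example
Issuer: CN=client, O=Example

Alias name: serverkey
Creation date: Dec 12, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=server, O=Example
Issuer: CN=server, O=Example
EOF
}
```

Against the keystore from this procedure, pipe the real listing in: `keytool -list -v -keystore keystore.jks -storepass password | is_trusted_cert clientkey`. The third field of `list_entries` also shows which entries are still self-signed.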