Creating the trusted client certificate

Creating the trusted client certificate - Cloud

Talend Remote Engine User Guide for Windows

Version

Cloud

Language

English

Operating system

Windows

Product

Talend Cloud

Module

Talend Remote Engine

Content

Design and Development

Installation and Upgrade

Last publication date

2024-02-23

Use keytool (provided with the JDK) to manipulate the keys and certificates.

Procedure

Create two key pairs:
1. One pair for the server (used for SSL)
2. One pair as an example on the client side (used for "trust")
  The key pair on the client side must be created for each client.
```
mkdir -p etc/keystores
cd etc/keystores
keytool -genkey -keyalg RSA -validity 365 -alias serverkey -keypass password -storepass password -keystore keystore.jks
keytool -genkey -keyalg RSA -validity 365 -alias clientkey -keypass password -storepass password -keystore client.jks
```
These keys are self-designed. In a production system, you should use a Certificate Authority (CA).

Export the client certificate to be imported in the server keystore:

keytool -export -rfc -keystore client.jks -storepass password -alias clientkey -file client.cer
keytool -import -trustcacerts -keystore keystore.jks -storepass password -alias clientkey -file client.cer

Verify that the client certificate is trusted in the server keystore:

keytool -list -v -keystore keystore.jks
...
Alias name: clientkey
Creation date: Aug 28, 2018
Entry type: trustedCertEntry
...

Remove the client.cer certificate.