Create the trusted client certificate - 7.3

Talend ESB Container Administration Guide

Talend Cloud
Talend Data Fabric
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Open Studio for ESB
Talend Real-Time Big Data Platform
Talend ESB
Talend Runtime
Administration and Monitoring
Design and Development
Installation and Upgrade
Last publication date

About this task

You are going to use a keytool (provided with the JDK) to manipulate the keys and certificates.


  1. Create two key pairs:
    • one for the server side (use for SSL),

    • one as an example of the client side (use for "trust", should be performed for each client, on the client side).

    mkdir -p etc/keystores
    cd etc/keystores
    keytool -genkey -keyalg RSA -validity 365 -alias serverkey -keypass password -storepass password -keystore keystore.jks
    keytool -genkey -keyalg RSA -validity 365 -alias clientkey -keypass password -storepass password -keystore client.jks
    These key are self-signed. In a production system, you should use a Certificate Authority (CA).
  2. Export the client certificate to be imported in the server keystore:
    keytool -export -rfc -keystore client.jks -storepass password -alias clientkey -file client.cer
    keytool -import -trustcacerts -keystore keystore.jks -storepass password -alias clientkey -file client.cer
  3. Check that the client certificate is trusted in our keystore:
    keytool -list -v -keystore keystore.jks
    Alias name: clientkey
    Creation date: Dec 12, 2012
    Entry type: trustedCertEntry
  4. You can now remove the client.cer certificate.