Configure TLS/SSL in Talend Administration Center - 7.3

Talend Big Data Installation Guide for Linux


Procedure

  1. Create a keystore containing a self-signed certificate using the command:
    keytool -genkey -keyalg RSA -alias tac-tomcat -keystore tac-tomcat-keystore.jks -storepass tacadmin -validity 3600 -keysize 2048
  2. Enter the password for your keystore twice, then enter the other optional information, such as your name, the name of your organization, your state and so on, if needed. For example:
    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
    [Unknown]: localhost
    What is the name of your organizational unit?
    [Unknown]: Development
    What is the name of your organization?
    [Unknown]: Talend
    What is the name of your City or Locality?
    [Unknown]: Suresnes
    What is the name of your State or Province?
    [Unknown]: FR
    What is the two-letter country code for this unit?
    [Unknown]: FR
    Is CN=localhost, OU=TAC, O=Talend SA, L=Suresnes, ST=FR, C=FR correct?
    [no]: Y
    Enter key password for (RETURN if same as keystore password):

    Make sure to use the same password for the key and the keystore file.

  3. Open the following file:
    <TAC_HOME>/apache-tomcat/conf/server.xml
  4. Comment out the non-SSL connector:
    <Connector executor="tomcatThreadPool"
    port="8080" protocol="HTTP/1.1"
    connectionTimeout="20000"
    throwOnFailure="true"
    redirectPort="8443" />
  5. Add the keystore certificate to the Apache Tomcat truststore.
    # Export the certificate into a .cert file
    keytool -keystore tac-tomcat-keystore.jks -alias tac-tomcat -export -file tac-tomcat.cert
    # Import the certificate into the JKS truststore
    keytool -keystore tac-tomcat-truststore.jks -alias tac-tomcat -import -file tac-tomcat.cert
    This is necessary to avoid the following exception during user authentication:
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  6. Open the following file:
    <TAC_HOME>/apache-tomcat/setenv.sh
  7. Change the line
    export JAVA_OPTS="$JAVA_OPTS -Xmx4096m -Dfile.encoding=UTF-8"
    to
    export JAVA_OPTS="$JAVA_OPTS -Xmx4096m -Dfile.encoding=UTF-8 -Djavax.net.ssl.trustStore=$CATALINA_HOME/conf/tac-tomcat-truststore.jks -Djavax.net.ssl.trustStorePassword=tacadmin"
  8. Restart Talend Administration Center.

    Check that Talend Administration Center is available at the following address: https://localhost:8443/org.talend.administrator.

    For more information, see https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html.
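
A post-change check for steps 4 and 7, as an added example that is not part of the Talend guide: it reports any connector in server.xml that is still active without TLS and confirms that setenv.sh passes the truststore to the JVM. The function names, the sample files and the HTTPS connector in the sample are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not Talend code: checks the result of steps 4 and 7.

# Print the port of each active <Connector> in server.xml without SSLEnabled="true".
# XML comments are stripped first, so a connector commented out in step 4 is skipped.
plaintext_connectors() {
  awk '
    {
      line = $0
      while (length(line) > 0) {
        i = index(line, in_c ? "-->" : "<!--")
        seg = i ? substr(line, 1, i - 1) : line
        if (!in_c) doc = doc seg
        line = i ? substr(line, i + (in_c ? 3 : 4)) : ""
        if (i) in_c = !in_c
      }
      doc = doc " "
    }
    END {
      n = split(doc, part, "<Connector")
      for (k = 2; k <= n; k++) {
        tag = part[k]; sub(/>.*/, "", tag)   # attributes of the opening tag only
        if (tag ~ /SSLEnabled="true"/) continue
        port = "?"
        # lowercase "port" does not match the redirectPort attribute
        if (match(tag, /port="[0-9]+"/)) port = substr(tag, RSTART + 6, RLENGTH - 7)
        print port
      }
    }' "$1"
}

# Succeed only if an uncommented line of setenv.sh passes a truststore to the JVM.
truststore_configured() {
  grep -v '^[[:space:]]*#' "$1" | grep -q -e '-Djavax\.net\.ssl\.trustStore='
}

# Constructed sample files; the HTTPS connector is an assumption, not from the guide.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/server.xml" <<'EOF'
<Service name="Catalina">
  <!-- <Connector executor="tomcatThreadPool"
       port="8080" protocol="HTTP/1.1"
       redirectPort="8443" /> -->
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true" />
</Service>
EOF
printf '%s\n' 'export JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=$CATALINA_HOME/conf/tac-tomcat-truststore.jks"' > "$SAMPLE_DIR/setenv.sh"
open=$(plaintext_connectors "$SAMPLE_DIR/server.xml")
if [ -z "$open" ] && truststore_configured "$SAMPLE_DIR/setenv.sh"; then echo "TLS-only"; else echo "review: $open"; fi
```

After step 7, point both functions at <TAC_HOME>/apache-tomcat/conf/server.xml and <TAC_HOME>/apache-tomcat/setenv.sh; any port printed by plaintext_connectors is still served without TLS.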