Configure TLS/SSL in Talend Administration Center - 7.3

Talend Installation Guide

Version
7.3
Language
English
Operating system
Linux
Subscription type
Subscription
Product
Talend Big Data
Talend Big Data Platform
Talend Data Fabric
Talend Data Integration
Talend Data Management Platform
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Real-Time Big Data Platform
Module
Talend Activity Monitoring Console
Talend Administration Center
Talend Artifact Repository
Talend CommandLine
Talend Data Preparation
Talend Data Stewardship
Talend DQ Portal
Talend ESB
Talend Identity and Access Management
Talend Installer
Talend JobServer
Talend LogServer
Talend MDM Server
Talend MDM Web UI
Talend Repository Manager
Talend Runtime
Talend SAP RFC Server
Talend Studio
Content
Installation and Upgrade
Last publication date
2022-10-30

Procedure

  1. Create a keystore containing a self signed certificate using the command:
    keytool -genkey -keyalg RSA -alias tac-tomcat -keystore tac-tomcat-keystore.jks -storepass tacadmin -validity 3600 -keysize 2048
  2. Enter the password for your keystore twice, then enter the other optional information, such as your name, the name of your organization, your state and so on, if needed. For example,
    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
    [Unknown]: localhost
    What is the name of your organizational unit?
    [Unknown]: Development
    What is the name of your organization?
    [Unknown]: Talend
    What is the name of your City or Locality?
    [Unknown]: Suresnes
    What is the name of your State or Province?
    [Unknown]: FR
    What is the two-letter country code for this unit?
    [Unknown]: FR
    Is CN=localhost, OU=TAC, O=Talend SA, L=Suresnes, ST=FR, C=FR correct?
    [no]: Y
    Enter key password for (RETURN if same as keystore password):

    Make sure to use the same password for key and file.

  3. Open the following file:
    <TAC_HOME>/apache-tomcat/conf/server.xml
  4. Configure Apache Tomcat to use this keystore by adding the following lines:
    <!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="8443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="conf/tac-tomcat-keystore.jks" keystorePass="tacadmin"
    clientAuth="false" sslProtocol="TLS"/>
  5. Comment the non-SSL part.
    <Connector executor="tomcatThreadPool"
    port="8080" protocol="HTTP/1.1"
    connectionTimeout="20000"
    throwOnFailure="true"
    redirectPort="8443" />
  6. Add the keystore certificate to Apache Tomcat trustore.
    #export certificate into .cert file
    keytool -keystore tac-tomcat-keystore.jks -alias tac-tomcat -export -file tac-tomcat.cert
    #import certificate into jks
    keytool -keystore tac-tomcat-truststore.jks -alias tac-tomcat -import -file tac-tomcat.cert
    This is necessary to avoid the following exception:
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target during user authentication.
  7. Add keystoreFile and keystorePass parameters and values.
  8. Open the following file:
    <TAC_HOME>/apache-tomcat/setenv.sh
  9. Change the line
    set "JAVA_OPTS=$JAVA_OPTS -Xmx4096m -Dfile.encoding=UTF-8"
    with
    set "JAVA_OPTS=$JAVA_OPTS -Xmx4096m -Dfile.encoding=UTF-8 -Djavax.net.ssl.trustStore=$CATALINA_HOME/conf/tac-tomcat-truststore.jks -Djavax.net.ssl.trustStorePassword=tacadmin"
  10. Restart Talend Administration Center.

    Check the Talend Administration Center URL with the following address: https://localhost:8443/org.talend.administrator.

    For more information, see https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html.