Securing connections for Talend Dictionary Service - 7.3

Talend Installation Guide for Linux

Available in: Big Data Platform, Data Fabric, Data Management Platform, Data Services Platform, MDM Platform, Real-Time Big Data Platform

Procedure

  1. Open the <Tomcat>/conf/server.xml file.
  2. Comment out the non-SSL connector:
    <!-- <Connector port="8187" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8550" /> -->
  3. Uncomment the following lines:
    <!-- <Connector port="8550"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    clientAuth="false"
    sslProtocol="TLS"/> -->
    
  4. Add the following attributes to the Connector element uncommented in the previous step, before its closing />:
    keystoreFile="<certificate_path>/server.keystore.jks"
    keystorePass="<certificate_password>"

  5. Open the <Tomcat>/conf/data-quality.properties file.
  6. To secure connections with MongoDB, edit the following lines:
    dq.mongo.ssl=true
    dq.mongo.ssl.trust-store=<path_to_truststore>
    dq.mongo.ssl.trust-store-password=<truststore_password>
  7. To secure connections with Kafka using communication encryption only, edit the following lines:
    spring.cloud.stream.kafka.binder.configuration.security.protocol=SSL
    spring.cloud.stream.kafka.binder.configuration.ssl.truststore.location=<path_to_truststore>
    spring.cloud.stream.kafka.binder.configuration.ssl.truststore.password=<truststore_password>
  8. To secure connections with Kafka using authentication, edit the following lines:
    spring.cloud.stream.kafka.binder.configuration.ssl.keystore.location=<path_to_keystore>
    spring.cloud.stream.kafka.binder.configuration.ssl.keystore.password=<keystore_password>
    spring.cloud.stream.kafka.binder.configuration.ssl.key.password=<key_password>
    Note that the communication encryption parameters from the previous step must also be defined to use authentication.
  9. To secure connections with Talend Identity and Access Management, change the following URLs from http to https:
    oidc.url=https://<iam_url:port>/oidc
    scim.url=https://<iam_url:port>/scim
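
The following check is an added example, not part of the Talend documentation: it reads the contents of server.xml and data-quality.properties and reports any step of the procedure above that is not applied. The function names, sample paths and the iam.example.test host are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

KAFKA = "spring.cloud.stream.kafka.binder.configuration."

def parse_properties(text):
    """Parse key=value lines, skipping # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(server_xml, properties_text):
    """Return findings; an empty list means every step is applied."""
    out = []
    # ElementTree drops XML comments, so commented-out connectors are ignored.
    for c in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" in c.get("protocol", "").lower():
            continue  # AJP connectors are outside this procedure
        if c.get("SSLEnabled", "").lower() != "true":
            out.append(f"port {c.get('port')}: non-SSL connector still active")
        elif not c.get("keystoreFile", "").endswith(".jks"):
            out.append(f"port {c.get('port')}: keystoreFile missing or not .jks")
    p = parse_properties(properties_text)
    if p.get("dq.mongo.ssl") != "true" or not p.get("dq.mongo.ssl.trust-store"):
        out.append("MongoDB: SSL or trust store not configured")
    encrypted = (p.get(KAFKA + "security.protocol") == "SSL"
                 and bool(p.get(KAFKA + "ssl.truststore.location")))
    if not encrypted:
        out.append("Kafka: encryption parameters incomplete")
    if p.get(KAFKA + "ssl.keystore.location") and not encrypted:
        out.append("Kafka: keystore set without encryption parameters")
    out += [f"{k} does not use https" for k in ("oidc.url", "scim.url")
            if not p.get(k, "").startswith("https://")]
    return out

# Constructed sample input: steps 2 to 7 applied, step 9 only half applied.
SAMPLE_XML = """<Server><Service>
<!-- <Connector port="8187" protocol="HTTP/1.1" redirectPort="8550" /> -->
<Connector port="8550" protocol="org.apache.coyote.http11.Http11NioProtocol"
  SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS"
  keystoreFile="/opt/certs/server.keystore.jks" keystorePass="placeholder" />
</Service></Server>"""
SAMPLE_PROPS = """dq.mongo.ssl=true
dq.mongo.ssl.trust-store=/opt/certs/truststore.jks
spring.cloud.stream.kafka.binder.configuration.security.protocol=SSL
spring.cloud.stream.kafka.binder.configuration.ssl.truststore.location=/opt/certs/truststore.jks
oidc.url=https://iam.example.test:9080/oidc
scim.url=http://iam.example.test:9080/scim"""

if __name__ == "__main__":
    print(audit(SAMPLE_XML, SAMPLE_PROPS))
```

To run it against a real installation, pass the text of the two files under <Tomcat>/conf to audit() in place of the constructed samples.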

Results

Talend Dictionary Service only supports the Java Key Store (.jks) format to store keys and certificates.

To enable HTTPS support on Tomcat, see https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html.

To enable SSL support on MongoDB, see https://docs.mongodb.com/v3.0/tutorial/configure-ssl/.

To enable SSL support on Kafka, see http://kafka.apache.org/documentation.html#security_ssl.

To enable SSL support on Talend Identity and Access Management, see Securing connections for Talend Identity and Access Management.