To exchange certificates and allow only "trusted" clients to use the Talend Runtime Container HTTP service, you need to follow the following instructions.
Enable the HTTP client auth support in the Karaf-based Talend Runtime Container.
When you install the HTTP feature, the container leverages Pax-Web to provide HTTP OSGi service:
karaf@trun> feature:install http
Add a custom etc/org.ops4j.pax.web.cfg file with the following content:
org.osgi.service.http.port=8181 org.osgi.service.http.port.secure=9001 org.osgi.service.http.secure.enabled=true org.ops4j.pax.web.ssl.keystore=./etc/keystores/keystore.jks org.ops4j.pax.web.ssl.password=password org.ops4j.pax.web.ssl.keypassword=password #org.ops4j.pax.web.ssl.clientauthwanted=false org.ops4j.pax.web.ssl.clientauthneeded=true
clientauthneededproperties are valid for Karaf 2.2.x which uses Pax Web 1.0.x. For more information about the version of Karaf your Talend Runtime Container is based on, seeCompatible Apache software and JMS Brokers for Talend ESB.
Thanks to the
clientauthneededproperty, the client is "forced" to be trusted.