Enabling client authentication for SSL - Cloud - 8.0

Talend ESB Container Administration Guide


To exchange certificates and allow only "trusted" clients to use the Talend Runtime Container HTTP service, follow these steps.

  1. Enable the HTTP client auth support in the Karaf-based Talend Runtime Container.

    When you install the HTTP feature, the container leverages Pax-Web to provide the HTTP OSGi service:

    karaf@trun> feature:install http
  2. Add a custom etc/org.ops4j.pax.web.cfg file with the following content:

    org.osgi.service.http.port=8181
    
    org.osgi.service.http.port.secure=9001
    org.osgi.service.http.secure.enabled=true
    org.ops4j.pax.web.ssl.keystore=./etc/keystores/keystore.jks
    org.ops4j.pax.web.ssl.password=password
    org.ops4j.pax.web.ssl.keypassword=password
    #org.ops4j.pax.web.ssl.clientauthwanted=false
    org.ops4j.pax.web.ssl.clientauthneeded=true

    The clientauthwanted and clientauthneeded properties are valid for Karaf 2.2.x which uses Pax Web 1.0.x. For more information about the version of Karaf your Talend Runtime Container is based on, see the Talend Installation Guide or the Release Notes.

    With the clientauthneeded property set to true, the client is "forced" to be trusted: the SSL handshake fails unless the client presents a certificate that the container trusts.
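
One way to check a deployed etc/org.ops4j.pax.web.cfg against the settings above. This is an added example, not Talend or Pax Web code. The finding codes and the sample file are constructed, and `org.osgi.service.http.enabled` is a Pax Web property that does not appear in the file on this page.

```python
# Added example (not Talend or Pax Web code): audit an org.ops4j.pax.web.cfg
# for the client-authentication settings shown above.

# Constructed sample: the page's file with clientauthneeded commented out
# and clientauthwanted enabled instead.
WEAK_CFG = """\
org.osgi.service.http.port=8181
org.osgi.service.http.port.secure=9001
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.keystore=./etc/keystores/keystore.jks
org.ops4j.pax.web.ssl.password=password
org.ops4j.pax.web.ssl.keypassword=password
org.ops4j.pax.web.ssl.clientauthwanted=true
#org.ops4j.pax.web.ssl.clientauthneeded=true
"""

SSL = "org.ops4j.pax.web.ssl."


def parse_cfg(text):
    """Parse key=value lines; lines starting with '#' or '!' are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return a sorted list of finding codes (hypothetical names) for one file."""
    p = parse_cfg(text)
    on = lambda key, default="false": p.get(key, default).lower() == "true"
    findings = set()
    if not on("org.osgi.service.http.secure.enabled"):
        findings.add("https-disabled")
    if not on(SSL + "clientauthneeded"):
        # 'wanted' only requests a certificate; the handshake succeeds without one.
        findings.add("client-cert-optional" if on(SSL + "clientauthwanted")
                     else "client-cert-not-requested")
    if "password" in (p.get(SSL + "password"), p.get(SSL + "keypassword")):
        findings.add("sample-password")
    # Client certificates are checked only in the TLS handshake, so a plain HTTP
    # connector is not covered. org.osgi.service.http.enabled defaults to true.
    if on("org.osgi.service.http.enabled", "true"):
        findings.add("plain-http-open")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit(WEAK_CFG)))
```

Run against the file exactly as shown in step 2, the audit still reports `plain-http-open` and `sample-password`: the connector on port 8181 accepts requests without a certificate, and the keystore passwords are the documentation placeholders.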