To set up an HTTPS secure connection between the different services, as well as
with the MongoDB server, you need to edit the
application.properties file.
Note that securing the MongoDB connection is not possible if you selected the embedded
MongoDB instance during the installation process.
If you want to secure connections with MongoDB using SSL, MongoDB Enterprise Server has
to be manually installed on your machine.
For more information, refer to the supported MongoDB versions in Compatible databases.
Procedure
-
Open the
<Data_Preparation_Path>\config\application.properties
file.
-
To define the path and password of the certificate for the Data Preparation
server, edit the following lines:
# server TLS setup
tls.key-store=/path/to/key-store.jks
tls.key-store-password=key-store_password
-
To define the path and password of the signing Certificate Authority (CA) that
issued the server certificate, edit the following lines:
tls.trust-store=/path/to/trust-store.jks
tls.trust-store-password=trust-store_password
-
To make the security control more flexible regarding the certificate common
name and its URL, edit the following lines:
# false to disable hostname verification
tls.verify-hostname=true
-
To define the path and password of the signing Certificate Authority (CA) that
issued the MongoDB server certificate, edit the following lines:
mongodb.ssl=true
mongodb.ssl.trust-store=/path/to/trus-store.jks
mongodb.ssl.trust-store-password=trust-store-password
-
Change the services URLs from
http
to https
:
dataset.service.url=https://${public.ip}:${server.port}
dataset-dispatcher.service.url=https://${public.ip}:${server.port}
transformation.service.url=https://${public.ip}:${server.port}
preparation.service.url=https://${public.ip}:${server.port}
fullrun.service.url=https://${public.ip}:${server.port}
gateway.service.url=https://${public.ip}:${server.port}
security.oidc.client.logoutSuccessUrl=https://${public.ip}:${server.port}
gateway-api.service.url=https://${public.ip}:${server.port}
zuul.routes.api.url=https://${public.ip}:${server.port}/api
zuul.routes.upload.url=https://${public.ip}:${server.port}/api
Results
Talend Data Preparation only supports the Java Key Store
(.jks) format to store keys and certificates.