Enable Remote Engines to use your own signing keys to verify artifact
signatures.
If you configure the engine to use a custom signing key, the Talend-provided
keys are not used.
Before you begin
-
You must have set up your custom signing key on Talend Studio
side for artifact signature verification.
For further information, see Configuring custom Java KeyStore for Job artifact signature.
- Your Remote Engine must be v2.12.0 and onwards.
- Your Talend Studio
version must be R2022-06 and onwards.
- Only one KeyStore is allowed across a Remote Engine cluster.
- Only one KeyStore is allowed for the Remote Engines assigned to the source and the
target environments of a promotion.
Procedure
-
If not done yet, run this KARAF command:
feature:uninstall talend-job-server-signature-verifier-disabler
This command uninstalls the Karaf
talend-job-server-signature-verifier-disabler feature to
enable Job signature validation.
-
Copy-paste the JKS (Java KeyStore) file on the machine where your Remote Engine is
installed.
-
In the <RemoteEngineInstallationDirectory>/etc/org.talend.remote.jobserver.server.cfg file, add these
two properties:
org.talend.remote.jobserver.commons.config.JobServerConfiguration.SIGNATURE_CHECK_KEYSTORE=<path_to_jks_file_on_Remote_Engine>
org.talend.remote.jobserver.commons.config.JobServerConfiguration.SIGNATURE_CHECK_STORE_PASSWORD=<password_for_jks_file>
-
Save the file.