
Generating key pairs for Signing and Encryption with ESB

Procedure

  1. Generate a key pair for the client:
    keytool -genkey -keystore myclientstore.jks -alias myclientalias -dname "CN=client" -keyalg RSA -validity 3650 -storepass myclientstorepass -keypass myclientkeypass
    keytool -export -keystore myclientstore.jks -alias myclientalias -file myclientcertificate.cer -storepass myclientstorepass
  2. Generate a key pair for the service:
    keytool -genkey -keystore myservicestore.jks -alias myservicealias -dname "CN={http://services.talend.org/ReservationService}ReservationServiceProvider" -keyalg RSA -validity 3650 -storepass myservicestorepass -keypass myservicekeypass
    keytool -export -keystore myservicestore.jks -alias myservicealias -file myservicecertificate.cer -storepass myservicestorepass
  3. Register the public certificates in the XKMS repository:
    For encryption and signing, the public certificates from the client and the service should be located or validated by the XKMS service. To enable this, copy the .cer files to <TalendRuntimePath>/container/esbrepo/xkms/certificates/trusted_cas.
  4. Configure the Service consumer and provider for signing and encryption.
    • For the Service consumer configuration:

      1. Edit the etc/org.talend.esb.job.client.cfg configuration file:

        security.signature.properties = file:${tesb.home}/etc/keystores/clientKeystore.properties
        # Alias name of your key in your keystore (myclientalias in the example above)
        security.signature.username = myclientkey
        # Password of your key in your keystore (myclientkeypass in the example above)
        security.signature.password = ckpass
      2. Edit the properties file referenced by the security.signature.properties parameter (file:${tesb.home}/etc/keystores/clientKeystore.properties) in the etc/org.talend.esb.job.client.cfg configuration file as follows:

        org.apache.wss4j.crypto.merlin.keystore.type=jks
        # Keystore password (myclientstorepass in the example above)
        org.apache.wss4j.crypto.merlin.keystore.password=cspass
        # Alias of the key in the client keystore
        org.apache.wss4j.crypto.merlin.keystore.alias=myclientalias
        # Location of the myclientstore.jks file
        org.apache.wss4j.crypto.merlin.keystore.file=./etc/keystores/mykeystore.jks
    • For the Service provider configuration:

      1. Edit the etc/org.talend.esb.job.service.cfg configuration file:

        # Properties file for the service keystore (myservicestore.jks in the example above)
        security.signature.properties = file:${tesb.home}/etc/keystores/serviceKeystore.properties
        # Alias name of your key (myservicealias in the example above)
        security.signature.username = myservicekey
        # Password of your key (myservicekeypass in the example above)
        security.signature.password = skpass
      2. Edit the properties file referenced by the security.signature.properties parameter (file:${tesb.home}/etc/keystores/serviceKeystore.properties) in the etc/org.talend.esb.job.service.cfg configuration file as follows:

        org.apache.wss4j.crypto.merlin.keystore.type=jks
        # Keystore password (myservicestorepass in the example above)
        org.apache.wss4j.crypto.merlin.keystore.password=sspass
        # Alias of the key (myservicealias in the example above)
        org.apache.wss4j.crypto.merlin.keystore.alias=myservicekey
        # Location of the keystore (myservicestore.jks in the example above)
        org.apache.wss4j.crypto.merlin.keystore.file=./etc/keystores/servicestore.jks
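
The procedure above writes the key alias and keystore location into two separate files, so a mismatch or a pasted-in note only surfaces at runtime. The following script is an added example, not part of the Talend documentation or product: it cross-checks a job .cfg file against the properties file it references. The function names, the home-directory argument, the assumption that relative keystore paths resolve against the container directory, and the sample files are all constructed for illustration.

```shell
# Added example, not Talend code: cross-checks a job .cfg against its Merlin properties file.

# prop_get FILE KEY: print KEY's value (last definition wins), whitespace trimmed.
prop_get() {
  k=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^[[:space:]]*$k[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
}

# check_signing_config CFG PROPS HOME: print each problem, return 1 if any.
# Assumption: relative keystore paths resolve against HOME (the container directory).
check_signing_config() {
  cfg=$1; props=$2; home=$3; rc=0
  ref=$(prop_get "$cfg" security.signature.properties)
  user=$(prop_get "$cfg" security.signature.username)
  ksalias=$(prop_get "$props" org.apache.wss4j.crypto.merlin.keystore.alias)
  file=$(prop_get "$props" org.apache.wss4j.crypto.merlin.keystore.file)
  # A space inside a value usually means an inline note was pasted along with it.
  for v in "$user" "$ksalias" "$file"; do
    case $v in
      "") echo "missing value"; rc=1 ;;
      *" "*) echo "unexpected text in value: $v"; rc=1 ;;
    esac
  done
  [ "${ref##*/}" = "${props##*/}" ] || { echo "cfg references ${ref##*/}"; rc=1; }
  [ "$user" = "$ksalias" ] || { echo "alias mismatch: '$user' vs '$ksalias'"; rc=1; }
  [ -f "$home/${file#./}" ] || { echo "keystore not found: $file"; rc=1; }
  # The properties file holds the keystore password in clear text.
  [ -z "$(find "$props" -perm -004)" ] || { echo "world-readable: $props"; rc=1; }
  return $rc
}

# make_sample DIR ALIAS: write a constructed configuration (sample values only).
make_sample() {
  mkdir -p "$1/etc/keystores" && : > "$1/etc/keystores/myclientstore.jks"
  printf '%s\n' \
    'security.signature.properties = file:${tesb.home}/etc/keystores/clientKeystore.properties' \
    'security.signature.username = myclientalias' \
    'security.signature.password = myclientkeypass' > "$1/etc/org.talend.esb.job.client.cfg"
  printf '%s\n' \
    'org.apache.wss4j.crypto.merlin.keystore.type=jks' \
    'org.apache.wss4j.crypto.merlin.keystore.password=myclientstorepass' \
    "org.apache.wss4j.crypto.merlin.keystore.alias=$2" \
    'org.apache.wss4j.crypto.merlin.keystore.file=./etc/keystores/myclientstore.jks' \
    > "$1/etc/keystores/clientKeystore.properties"
  chmod 600 "$1/etc/keystores/clientKeystore.properties"
}
d=$(mktemp -d) && make_sample "$d" myclientalias &&
  check_signing_config "$d/etc/org.talend.esb.job.client.cfg" \
    "$d/etc/keystores/clientKeystore.properties" "$d" && echo "configuration is consistent"
```

The same check applies to the provider side by passing etc/org.talend.esb.job.service.cfg and its serviceKeystore.properties file.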
