Configuring TLS/SSL in Talend Administration Center - 7.3

Talend Installation Guide

Version
7.3
Language
Chinese (Simplified)
Operating system
Linux
Subscription type
Subscription
Product
Talend Big Data
Talend Big Data Platform
Talend Data Fabric
Talend Data Integration
Talend Data Management Platform
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Real-Time Big Data Platform
Module
Talend Activity Monitoring Console
Talend Administration Center
Talend Artifact Repository
Talend CommandLine
Talend Data Preparation
Talend Data Stewardship
Talend DQ Portal
Talend ESB
Talend Identity and Access Management
Talend Installer
Talend JobServer
Talend Log Server
Talend MDM Server
Talend MDM Web UI
Talend Repository Manager
Talend Runtime
Talend SAP RFC Server
Talend Studio
Content
Installation and Upgrade
Last publication date
2022-10-30

Procedure

  1. Create a keystore containing a self-signed certificate with the following command:
    keytool -genkey -keyalg RSA -alias tac-tomcat -keystore tac-tomcat-keystore.jks -storepass tacadmin -validity 3600 -keysize 2048
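  2. Enter the password of your keystore twice, then enter the other optional information as needed, such as your name, the name of your organization, your state/province, and so on. For example: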
    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
    [Unknown]: localhost
    What is the name of your organizational unit?
    [Unknown]: Development
    What is the name of your organization?
    [Unknown]: Talend
    What is the name of your City or Locality?
    [Unknown]: Suresnes
    What is the name of your State or Province?
    [Unknown]: FR
    What is the two-letter country code for this unit?
    [Unknown]: FR
    Is CN=localhost, OU=TAC, O=Talend SA, L=Suresnes, ST=FR, C=FR correct?
    [no]: Y
    Enter key password for (RETURN if same as keystore password):

    Make sure the key and the keystore file use the same password.

  3. Open the following file:
    <TAC_HOME>/apache-tomcat/conf/server.xml
  4. Add the following lines to configure Apache Tomcat to use this keystore:
    <!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="8443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="conf/tac-tomcat-keystore.jks" keystorePass="tacadmin"
    clientAuth="false" sslProtocol="TLS"/>
  5. Comment out the non-SSL section:
    <Connector executor="tomcatThreadPool"
    port="8080" protocol="HTTP/1.1"
    connectionTimeout="20000"
    throwOnFailure="true"
    redirectPort="8443" />
  6. Add the keystore certificate to the Apache Tomcat truststore.
    #export certificate into .cert file
    keytool -keystore tac-tomcat-keystore.jks -alias tac-tomcat -export -file tac-tomcat.cert
    #import certificate into jks
    keytool -keystore tac-tomcat-truststore.jks -alias tac-tomcat -import -file tac-tomcat.cert
    This step is required to avoid the following exception:
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target during user authentication.
  7. Add the keystoreFile and keystorePass parameters and their values.
  8. Open the following file:
    <TAC_HOME>/apache-tomcat/setenv.sh
  9. Change the following line:
    set "JAVA_OPTS=$JAVA_OPTS -Xmx4096m -Dfile.encoding=UTF-8"
    to:
    set "JAVA_OPTS=$JAVA_OPTS -Xmx4096m -Dfile.encoding=UTF-8 -Djavax.net.ssl.trustStore=$CATALINA_HOME/conf/tac-tomcat-truststore.jks -Djavax.net.ssl.trustStorePassword=tacadmin"
  10. Restart Talend Administration Center.

    Check the Talend Administration Center URL at this address: https://localhost:8443/org.talend.administrator

    For more information, see https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html
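
The following Python check is an added example, not part of the Talend documentation. It parses a server.xml and reports whether the edits from steps 4, 5 and 7 are in effect: a TLS connector with keystoreFile and keystorePass is present and no plain HTTP connector remains active. The sample XML is constructed from the snippets in the procedure, and the function name audit_connectors is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: server.xml reduced to the two connectors from steps 4 and 5,
# with the plain HTTP connector commented out as step 5 requires.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               throwOnFailure="true"
               redirectPort="8443" />
    -->
    <Connector
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        port="8443" maxThreads="200"
        scheme="https" secure="true" SSLEnabled="true"
        keystoreFile="conf/tac-tomcat-keystore.jks" keystorePass="tacadmin"
        clientAuth="false" sslProtocol="TLS"/>
  </Service>
</Server>"""


def audit_connectors(server_xml):
    """Return a list of findings for the active (not commented-out) connectors."""
    findings = []
    # ElementTree drops XML comments, so a commented-out connector is not seen.
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    if not any(c.get("SSLEnabled", "").lower() == "true" for c in connectors):
        findings.append('no connector with SSLEnabled="true"')
    for c in connectors:
        port = c.get("port", "?")
        if c.get("SSLEnabled", "").lower() == "true":
            for attr in ("keystoreFile", "keystorePass"):  # step 7
                if not c.get(attr):
                    findings.append(f"port {port}: TLS connector is missing {attr}")
            if c.get("scheme") != "https" or c.get("secure") != "true":
                findings.append(f"port {port}: TLS connector needs scheme=https, secure=true")
        elif not c.get("protocol", "").upper().startswith("AJP"):
            # AJP connectors are outside this procedure; anything else is plain HTTP.
            findings.append(f"port {port}: plain HTTP connector is still active")
    return findings


if __name__ == "__main__":
    for line in audit_connectors(SAMPLE_SERVER_XML) or ["server.xml connectors OK"]:
        print(line)
```

To check a real installation, pass the contents of <TAC_HOME>/apache-tomcat/conf/server.xml to audit_connectors; an empty list means the connector edits are in place.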