Creating the trusted client certificate - Cloud

Talend Remote Engine User Guide for Linux

Author: Talend Documentation Team
Version: Cloud
Product: Talend Cloud
Task: Design and Development; Installation and Upgrade
Platform: Talend Remote Engine

Use keytool (provided with the JDK) to manipulate the keys and certificates.

Procedure

  1. Create two key pairs:
    1. one for the server (used for SSL)
    2. one as an example on the client side (used for "trust")
      Repeat this for each client.
    mkdir -p etc/keystores
    cd etc/keystores
    keytool -genkey -keyalg RSA -validity 365 -alias serverkey -keypass password -storepass password -keystore keystore.jks
    keytool -genkey -keyalg RSA -validity 365 -alias clientkey -keypass password -storepass password -keystore client.jks

    These keys are self-signed. In a production system, you should use a Certificate Authority (CA).

  2. Export the client certificate to be imported in the server keystore:
    keytool -export -rfc -keystore client.jks -storepass password -alias clientkey -file client.cer
    keytool -import -trustcacerts -keystore keystore.jks -storepass password -alias clientkey -file client.cer
  3. Check that the client certificate is trusted in our keystore:
    keytool -list -v -keystore keystore.jks
    ...
    Alias name: clientkey
    Creation date: Aug 28, 2018
    Entry type: trustedCertEntry
    ...
  4. Remove the client.cer certificate.
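
The check in step 3 can be scripted rather than read by eye. The following is an added example, not part of the Talend documentation: it parses `keytool -list -v` output and confirms that the alias is a `trustedCertEntry` and not a private key entry. The function names `entry_type` and `check_client_trusted` are hypothetical, the sample output is constructed, and keytool's English-locale labels are assumed.

```shell
# Added example: scripted form of step 3. Assumes keytool's English-locale
# labels ("Alias name:", "Entry type:"). Function names are illustrative.

# entry_type ALIAS: read `keytool -list -v` output on stdin and print the
# entry type recorded for ALIAS (prints nothing if the alias is absent).
entry_type() {
  awk -v want="$1" '
    /^Alias name: / { alias = substr($0, 13) }
    /^Entry type: / { if (alias == want) { print substr($0, 13); exit } }
  '
}

# check_client_trusted ALIAS: exit status
#   0  ALIAS is a trustedCertEntry (certificate only, what step 2 imports)
#   1  ALIAS has another type, e.g. PrivateKeyEntry: a client private key
#      ended up in the server keystore
#   2  ALIAS is not in the keystore
check_client_trusted() {
  _type=$(entry_type "$1")
  case "$_type" in
    trustedCertEntry) return 0 ;;
    "") echo "alias $1 not found" >&2; return 2 ;;
    *)  echo "alias $1 is $_type, expected trustedCertEntry" >&2; return 1 ;;
  esac
}

# Constructed sample of `keytool -list -v` output (trimmed to the fields used).
SAMPLE='Your keystore contains 2 entries

Alias name: clientkey
Creation date: Aug 28, 2018
Entry type: trustedCertEntry

Alias name: serverkey
Creation date: Aug 28, 2018
Entry type: PrivateKeyEntry'

printf '%s\n' "$SAMPLE" | check_client_trusted clientkey && echo "clientkey: trusted"

# Against the real keystore from step 1:
#   keytool -list -v -keystore keystore.jks -storepass password | check_client_trusted clientkey
```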