Studio & Tac SSL configuration 1. Generate the keystore and truststore file on Tomcat side: 1.1. Generate the keystore as “jks” format which include the Public key and Private Key,make sure the password are same for the keypass and storepass keytool -genkey -alias server -keystore E:/ssl/serverKeystore.jks -keypass 123456 -storepass 123456 -keyalg RSA -keysize 512 -validity 365 -v -dname "CN = 127.0.0.1,O = Talend Soft,L=ChaoYang,ST=Beijing,OU = Talend Technology" 1.2. Export the server's certificate from the server keystore keytool -export -alias server -keystore E:/ssl/serverKeystore.jks -storepass 123456 -file E:/ssl/server.cer 1.3. Import the server.cer to the trust list of the clientTruststore.jks. keytool -import -alias trustServer -file E:/ssl/server.cer -keystore E:/ssl/clientTruststore.jks -storepass 123456 2. Generate the keystore and truststore file on Talend Studio and browser side: 2.1. Generate the keystore as jks format,same as 1.1 but for client keytool -genkey -alias client -keystore E:/ssl/clientKeystore.jks -keypass 123456 -storepass 123456 -keyalg RSA -keysize 512 -validity 365 -v -dname "CN = 127.0.0.1,O = Talend Soft,L=ChaoYang,ST=Beijing,OU = Talend Technology" 2.2 Generate the keystore as PKCS12 format for the client browser keytool -validity 365 -genkeypair -v -alias client -keyalg RSA -storetype PKCS12 -keystore E:/ssl/client.p12 -storepass 123456 -keypass 123456 dname "CN = 127.0.0.1,O = Talend Soft,L=ChaoYang,ST=Beijing,OU = Talend Technology" 2.3. Export the client's certificate from the client keystore keytool -export -alias client -keystore E:/ssl/clientKeystore.jks -storepass 123456 -file E:/ssl/client.cer 2.4 Export the browser's certificate from the client.p12 file keytool -export -v -alias client -keystore E:/ssl/client.p12 -storetype PKCS12 -storepass 123456 -rfc -file E:/ssl/browser.cer 2.5. import the client.cer to the trust list of the serverTruststore.jks。 keytool -import -alias trustClient -file E:/ssl/client.cer -keystore E:/ssl/serverTruststore.jks -storepass 123456 2.6 import the browser.cer to the trust list of the serverTruststore.jks。 keytool -import -alias trustBrowserClient -file E:/ssl/browser.cer keystore E:/ssl/serverTruststore.jks -storepass 123456 So at last you can see in the "E:/ssl"(of course this one you can define by yourself on your machine) Tomcat side: serverKeystore.jks serverTruststore.jks server.cer Studio side: clientKeystore.jks clientTruststore.jks client.cer Browser side: client.p12,browser.cer If you want to access the tac from browser via SSL,please double click the client.p12 file to install it to your certificate directory for your browser. 3. Config the server.xml of tomcat side please find the server.xml in your tomcat,and change the ssl part to below <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="true" sslProtocol="TLS" keystoreFile="E:/ssl/serverKeystore.jks" keystorePass="123456" truststoreFile="E:/ssl/serverTruststore.jks" truststorePass="123456" /> 4. Config the studio side 4.1. if it is DEV enviroment,please add arguments to your VM of the studio launch -Dtac.net.ssl.ClientKeyStore="E:/ssl/clientKeystore.jks" -Dtac.net.ssl.ClientTrustStore="E:/ssl/clientTruststore.jks" -Dtac.net.ssl.KeyStorePass="123456" 4.2 if it is build enviroment,please add argument in your *.ini file,such as TalendStudio-win-x86_64.ini same arguments as 4.1. 4.3 if you does not config the arguments in *.int,then when you launch the studio,if it is SSL connection,will pop up a dialog to let you input the arguments. 5. Start the tomcat(make sure there is no error log,if has error,please check your server.xml) 6. Then launch stuido,create a connection with url "https://localhost:8443/org.talend.administrator",check the connection,it will be ok. 7. Open the browser,access the url https://localhost:8443/org.talend.administrator,will be successful