Studio & Tac SSL configuration

1. Generate the keystore and truststore files on the Tomcat side:
1.1. Generate the keystore in JKS format, which includes the public key and private key. Make sure the keypass and storepass passwords are the same. The key size is 2048 bits because current JDKs disable RSA keys shorter than 1024 bits by default.
keytool -genkey -alias server -keystore E:/ssl/serverKeystore.jks -keypass 123456 -storepass 123456 -keyalg RSA -keysize 2048 -validity 365 -v -dname "CN = 127.0.0.1,O = Talend Soft,L=ChaoYang,ST=Beijing,OU = Talend Technology"
1.2. Export the server's certificate from the server keystore.
keytool -export -alias server -keystore E:/ssl/serverKeystore.jks -storepass 123456 -file E:/ssl/server.cer
1.3. Import server.cer into the trust list of clientTruststore.jks.
keytool -import -alias trustServer -file E:/ssl/server.cer -keystore E:/ssl/clientTruststore.jks -storepass 123456
2. Generate the keystore and truststore files on the Talend Studio and browser side:
2.1. Generate the keystore in JKS format, same as 1.1 but for the client.
keytool -genkey -alias client -keystore E:/ssl/clientKeystore.jks -keypass 123456 -storepass 123456 -keyalg RSA -keysize 2048 -validity 365 -v -dname "CN = 127.0.0.1,O = Talend Soft,L=ChaoYang,ST=Beijing,OU = Talend Technology"
2.2. Generate the keystore in PKCS12 format for the client browser.
keytool -validity 365 -genkeypair -v -alias client -keyalg RSA -storetype PKCS12 -keystore E:/ssl/client.p12 -storepass 123456 -keypass 123456 -dname "CN = 127.0.0.1,O = Talend Soft,L=ChaoYang,ST=Beijing,OU = Talend Technology"
2.3. Export the client's certificate from the client keystore.
keytool -export -alias client -keystore E:/ssl/clientKeystore.jks -storepass 123456 -file E:/ssl/client.cer
2.4. Export the browser's certificate from the client.p12 file.
keytool -export -v -alias client -keystore E:/ssl/client.p12 -storetype PKCS12 -storepass 123456 -rfc -file E:/ssl/browser.cer
2.5. Import client.cer into the trust list of serverTruststore.jks.
keytool -import -alias trustClient -file E:/ssl/client.cer -keystore E:/ssl/serverTruststore.jks -storepass 123456
2.6. Import browser.cer into the trust list of serverTruststore.jks.
keytool -import -alias trustBrowserClient -file E:/ssl/browser.cer -keystore E:/ssl/serverTruststore.jks -storepass 123456
At the end, the "E:/ssl" directory (you can choose a different one on your machine) contains:
Tomcat side: serverKeystore.jks, serverTruststore.jks, server.cer
Studio side: clientKeystore.jks, clientTruststore.jks, client.cer
Browser side: client.p12, browser.cer
If you want to access TAC from a browser over SSL, double-click the client.p12 file to install it in your browser's certificate store.
3. Configure server.xml on the Tomcat side
Find server.xml in your Tomcat installation and change the SSL part to the following:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="E:/ssl/serverKeystore.jks" keystorePass="123456"
truststoreFile="E:/ssl/serverTruststore.jks" truststorePass="123456" />
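
An added example, not part of the original page or of Talend's or Tomcat's code: a small Python check that reads a server.xml and reports TLS connectors that do not enforce the mutual authentication configured in step 3, or that protect their stores with a well-known password. The sample document, the port 9443 connector and the weak-password list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: a short sample list; "changeit" is the usual Java/Tomcat default.
WEAK_PASSWORDS = {"123456", "changeit", "password"}

def audit_connector(conn):
    """Return findings for one <Connector> element (attribute names as in step 3)."""
    a = conn.attrib
    if a.get("SSLEnabled", "false").lower() != "true":
        return []  # plain HTTP connector, nothing TLS-related to check
    port, findings = a.get("port", "?"), []
    if a.get("scheme") != "https" or a.get("secure", "false").lower() != "true":
        findings.append(f"{port}: scheme/secure do not mark the connector as HTTPS")
    client_auth = a.get("clientAuth", "false").lower()
    if client_auth != "true":
        # "want" and "false" both let a client connect without a certificate
        findings.append(f"{port}: clientAuth={client_auth!r}, client certificate not required")
    elif not a.get("truststoreFile"):
        findings.append(f"{port}: clientAuth is true but truststoreFile is not set")
    if not a.get("keystoreFile"):
        findings.append(f"{port}: keystoreFile is not set")
    for attr in ("keystorePass", "truststorePass"):
        if a.get(attr) in WEAK_PASSWORDS:
            findings.append(f"{port}: {attr} is a well-known weak password")
    return findings

def audit_server_xml(xml_text):
    """Audit every <Connector> found in a server.xml document."""
    root = ET.fromstring(xml_text)
    return [f for conn in root.iter("Connector") for f in audit_connector(conn)]

# Constructed sample: the page's 8443 connector plus a hypothetical 9443 one.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="true" sslProtocol="TLS"
    keystoreFile="E:/ssl/serverKeystore.jks" keystorePass="123456"
    truststoreFile="E:/ssl/serverTruststore.jks" truststorePass="123456" />
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="want" keystoreFile="E:/ssl/serverKeystore.jks"
    keystorePass="constructed-long-passphrase" />
</Service></Server>"""

if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE):
        print(finding)
```
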
4. Configure the Studio side
4.1. If it is a DEV environment, add these arguments to the VM arguments of the Studio launch:
-Dtac.net.ssl.ClientKeyStore="E:/ssl/clientKeystore.jks"
-Dtac.net.ssl.ClientTrustStore="E:/ssl/clientTruststore.jks"
-Dtac.net.ssl.KeyStorePass="123456"
4.2. If it is a build environment, add the arguments to your *.ini file, such as TalendStudio-win-x86_64.ini. They are the same arguments as in 4.1.
4.3. If you do not configure the arguments in the *.ini file, then when you launch the Studio and the connection uses SSL, a dialog pops up asking you to enter them.
5. Start Tomcat (make sure there are no errors in the log; if there are, check your server.xml).
6. Then launch the Studio and create a connection with the URL "https://localhost:8443/org.talend.administrator". Check the connection; it will be OK.
7. Open the browser and access the URL https://localhost:8443/org.talend.administrator; it will succeed.