SSL Configuration Talend RunTime

One Star

SSL Configuration Talend RunTime

Hi All,
I have been trying to move a few web services on Talend RunTime from http to https. I'm able to expose the services on 9001 port using the default keystore provided by talend, but when I try use a new keystore, which has a self-signed certificate from salesforce, the services aren't exposed and I get a " Keystore was tampered with, or password was incorrect" in the logs. Below is the sequence of steps I tried, kindly help me in figuring the right way to do this, I am a newbie to https.
1) Downloaded the self-signed certificate file from salesforce (Cert1.cer)
2) Generated a key store through the console with the above certificate using the following command,
keytool -importcert -alias sfcert -file Cert1.cer -storetype jks -keystore sfkeystore.jks -storepass sfpass -keypass sfpass
3) copied the generated "sfkeystore.jks" file to /etc/keystores directory of talend
4) Modified the "org.ops4j.pax.web.cfg" file to the below contents,
with the above config, the services aren't running at all because of the password incorrect error. Is there any other additional steps i should be doing to make this work?

warm regards,


Re: SSL Configuration Talend RunTime

I'm unsure whether the key you're downloading is meant as the *client's* key (i.e., you're making SOAP calls against salesforce and it is optionally requiring client key authentication, not always needed with SSL), or is the server's public cert (i.e., you're making SOAP calls against salesforce). Since you're downloading the key, I'm assuming the latter (i.e., you're downloading the salesforce's public key with the intention of making SOAP calls against it--am I correct?), you normally don't download self-signed certificates but instead create them yourself (see Step #1 here: If this is the case:
1.) In your keytoool -import of the server's key, you should be using the -trustcacerts flag, see item #8 here:
You also won't have a -keypass setting, as you won't know the private key password, you're just importing the server's public cert and it doesn't have an internal password. (-keypass is needed though for client key generation).
2.) Once done, use the keytool -list command to confirm you have the keystore password (*not* key password) correct, as shown in Step #3 here:
Again, though I don't know what the purpose is of the cert you're downloading--I can't see salesforce providing self-signed certs, rather public certs for making SOAP calls against it. (i.e., you may not even need the cert salesforce is providing you if you're not making SOAP calls against it.)
One Star

Re: SSL Configuration Talend RunTime

Hi gmazza,
Seems like I have messed up in what I am trying to do. Basically I have a web service running in an external server, and I'm making a SOAP calls against it from SalesForce. Currently the service is running on http and I need to configure it to https. I configured Talend RunTime to expose it services on https on port 443 and used the default keystore of talend.
When I tried to make the SOAP call from salesforce, SalesForce threw an Exception " unable to find valid certification path to requested target".
I assumed that I needed a valid certificate for https on the external server that salesforce approves, and thought I could use the Salesforce Self signed certificate(Is this completely a wrong approach?). Can you tell me what should be done to make this work?

Re: SSL Configuration Talend RunTime

Invariably that error message means that the service's public cert is not in the SOAP client's truststore. Now what is the service and what is the SOAP client depends on your particular circumstance, but you're making a SOAP call, it's going to the truststore to find the web service provider's public cert (being imported as a trustcacerts entry), and not finding it.

Calling Talend Open Studio Users

The first 100 community members completing the Open Studio survey win a $10 gift voucher.

Start the survey


Talend named a Leader.

Get your copy


Kickstart your first data integration and ETL projects.

Download now

What’s New for Talend Summer ’19

Watch the recorded webinar!

Watch Now

Talend API Designer – Technical Overview

Take a look at this technical overview video of Talend API Designer

Watch Now

Getting Started with APIs

Find out how to get started with APIs