Three ways to set a truststore for SSL/TLS connection in a Job

Symptom

You want to invoke an HTTPS URL in your Job. For example, you want to use tMDMConnection to access this MDM URL:

https://localhost:8543/talendmdm/services/soap

But the Job throws the following error while running:

...

Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://localhost:8543/talendmdm/services/soap: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1376)
     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1360)
     at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
     at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:651)
     at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
     ... 10 more

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

Diagnosis

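To invoke the HTTPS URL on the client side, you must provide the certification file of the HTTPS URL, that is, a truststore file containing the server's certificate or the certificate of the CA that issued it. The Job throws the previous error if the JVM cannot find that certificate in its truststore.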

Solution

There are three ways to provide the certification file in the Job:

  1. Use the tSetKeystore component.


  2. Use the tPrejob + tJava components with the following code:

    System.setProperty("javax.net.ssl.trustStore", "C:/Users/username/myKeystore.keystore");
    System.setProperty("javax.net.ssl.trustStorePassword", "xxx");


  3. Set up the following two JVM parameters for the Job's Run JVM:

    -Djavax.net.ssl.trustStore='C:/Users/username/myKeystore.keystore' -Djavax.net.ssl.trustStorePassword=password

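An added example (not part of the original article and not Talend's code): a pre-flight check that could run in the tPrejob tJava before the two properties are set, so that a missing file, a wrong password or an empty truststore is reported directly instead of surfacing later as the PKIX error above. The class and method names, the `changeit` password and the temp-file truststore are assumptions constructed for the demonstration.

```java
import java.io.*;
import java.security.KeyStore;
import java.util.Collections;

public class TruststoreCheck { // hypothetical helper, not a Talend class
    // Returns how many entries carry a certificate; throws with a specific reason otherwise.
    static int countCerts(String path, char[] password) throws Exception {
        File f = new File(path);
        if (!f.isFile()) throw new FileNotFoundException("truststore not found: " + path);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(f)) {
            ks.load(in, password); // IOException: wrong password or damaged file
        }
        int n = 0;
        for (String alias : Collections.list(ks.aliases()))
            if (ks.getCertificate(alias) != null) n++;
        return n;
    }

    // Sets the article's two properties only after the truststore passes the checks. Call it
    // before the JVM's first TLS connection: the default SSLContext reads the properties once.
    static void useTruststore(String path, String password) throws Exception {
        if (countCerts(path, password.toCharArray()) == 0)
            throw new IllegalStateException("truststore has no certificates: " + path);
        System.setProperty("javax.net.ssl.trustStore", path);
        System.setProperty("javax.net.ssl.trustStorePassword", password);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty truststore written to a temp file.
        File empty = File.createTempFile("empty", ".keystore");
        empty.deleteOnExit();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        try (OutputStream out = new FileOutputStream(empty)) {
            ks.store(out, "changeit".toCharArray());
        }
        String[][] cases = {
            { empty.getPath(), "changeit" },             // loads, but trusts nothing
            { empty.getPath(), "wrong" },                // wrong password
            { empty.getPath() + ".missing", "changeit" } // no such file
        };
        for (String[] c : cases) {
            try {
                useTruststore(c[0], c[1]);
                System.out.println("OK: " + c[0]);
            } catch (Exception e) {
                System.out.println("Rejected: " + e);
            }
        }
    }
}
```

Option 3 puts the truststore password on the JVM command line, where it can be read from the process list; passing it to a method as in this example avoids that.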

Version history
Revision #: 3 of 3
Last update: 10-03-2017 12:50 PM
Comments
petersmith

"you must provide the certification file of the HTTPS URL"

What does this mean?

achen

Hi Peter,

The certification file means the truststore file, which is used for the SSL authentication for the HTTPS URL, and it's also required to provide the truststore password.

e.g.

-Djavax.net.ssl.trustStore='C:/Users/username/myKeystore.keystore' -Djavax.net.ssl.trustStorePassword=password