How to configure SSL-enabled Git or SVN with TAC and Studio

Introduction

There are two ways to configure SSL-enabled Git or SVN with TAC and Studio, depending on whether you are using a custom certificate or creating (or reusing) a new keystore file.

 

Talend Administrator Console

Using a custom certificate

  1. Import the custom certificate into your cacerts file from $JAVA_HOME/jre/lib/security using the following command:

    keytool -import -trustcacerts -alias mycert -file mycompany.crt -keystore cacerts
  2. Start Talend Administrator Console and configure SVN/Git.

 

Creating a new keystore file

  1. Create the new keystore file using the following command. You must provide the required key information:

    keytool -genkey -alias mydomain -keyalg RSA -keystore KeyStore.jks -keysize 2048
  2. Import the certificate to that keystore using the following command:

    keytool -import -trustcacerts -alias mydomain -file mycompany.crt -keystore KeyStore.jks
  3. Edit the TAC_home/bin/setenv.sh/bat file and add the following Java flags to the JAVA_OPTS variable:

    -Djavax.net.ssl.trustStore=complete path to certificate file
    -Djavax.net.ssl.trustStorePassword=password
  4. Start Talend Administrator Console and configure SVN/Git.

 

Studio

Using a custom certificate

  1. Import the custom certificate into your cacerts file from $JAVA_HOME/jre/lib/security using the following command:

    keytool -import -trustcacerts -alias mycert -file mycompany.crt -keystore cacerts
  2. Alternatively, you could copy the cacerts file from the TAC server and replace the one in the Studio Java directory.

 

Using the newly-created keystore file

  1. Copy the keystore file from the TAC server and paste it into any directory of the Studio machine.
  2. Edit the Studio_home/Talend-Studio-win-x86_64.ini file and add the following Java flags:

    -Djavax.net.ssl.trustStore=complete path to certificate file
    -Djavax.net.ssl.trustStorePassword=password

Note: If the certificate changes often, it's not feasible to follow these steps in Studio, as there will be multiple developers doing the same actions. In that case, keep the keystore file in a shared directory (which should be accessible from all Studio machines) and set the preceding Java flags. If the certificate changes, an administrator must copy the keystore file to the shared location, and individual copies of Studio must be restarted (assuming there were no changes in the keystore file name and password).

Version history
Revision #:
3 of 3
Last update:
‎11-30-2017 04:35 PM
Updated by: