The following Talend services can be configured to use SSL:
Talend Runtime provides support for HTTP and HTTPS by default with the help of the pax web component. HTTP / HTTPS configuration for Talend Runtime is done in the org.ops4j.pax.web.cfg configuration file, located in TalendRuntimePath/container/etc/org.ops4j.pax.web.cfg.
To encrypt communication and secure the identification of a server, you can use the HTTPS protocol. HTTPS is based on SSL, which supports the encryption of messages sent via HTTP. To secure communication, HTTPS uses key pairs containing one public key and one private key. Data is encrypted with one key and can only be decrypted with the other key of the key pair. This establishes trust and privacy in message transfers.
For more information about the How-to steps, refer to SSL configuration.
The execution servers allow you to execute the Jobs (processes) developed with Talend Studio from the TAC Web application. The JobServer application provided by Talend allows you to choose a different JVM than the one used by default to launch your Jobs. Talend offers a Job server secured via SSL.
Generate the keystores, set the location of the new keystore, and configure it in JobServer. For more information about the How-to steps, refer to Installing and configuring JobServers.
Nexus is installed outside the Talend Runtime container and can be configured to serve content via SSL. Providing access to the Nexus user interface and content via HTTPS only is a recommended best practice for any deployment.
The recommended approach to implementation is to proxy Nexus behind a server that is configured to serve content via SSL and leave Nexus configured for HTTP. The advantage of this approach is that Nexus can easily be upgraded and there is no need to work with the JVM truststore. In addition, you can use the expertise of your system administrators and the preferred server for achieving the proxying, which in most cases will already be in place for other systems.
Alternatively, if you would like to avoid the extra work of putting a web server like Apache httpd in front of Nexus, the Jetty instance that is part of the default Nexus install can be configured to serve SSL content directly. To configure Nexus to serve SSL directly to clients, you need to perform the following steps:
For more details, refer to http://books.sonatype.com/nexus-book/reference/ssl-sect-ssl-direct.html
Talend Administration Center and Kibana are Web applications. Kibana and TAC are installed outside the Talend Runtime container. They can be deployed on any Web server like Tomcat or JBOSS. First, the Web server needs to be SSL enabled. Then, the deployed applications (Kibana and TAC) can also be accessed using SSL. To install and configure SSL support on Tomcat, you need to install the SSL keystore file and configure Tomcat.
Generate a Self-Certified Keystore File.
Sample keytool command invocation to create a 2048-bit key and the "talendKey" keystore file for the domain "talend.com":
keytool -genkey -alias talend -keyalg RSA -keysize 2048 -keystore talendKey
Provide the requested key information when prompted, and keytool generates the key.
Generate and Install a Browser Certificate File.
To import the above certificate into the client browser (IE + Chrome), we need to first export the .cer file from the above keystore:
keytool -export -keystore talendKey -alias talend -file c:\tmp\talend.cer
Enter keystore password:
Certificate stored in file c:\tmp\talend.cer
Import the .cer file created above into the Trusted Root Certification Authorities section.
<Connector port="8080" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="full path to keystore file from above" keystorePass="talend"/>
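The keystore and certificate steps above as a non-interactive POSIX shell script. This is an added example, not part of the original Talend documentation. It also checks that the exported certificate is the one held in the keystore. The target directory, the distinguished name fields, the 365-day validity, the subjectAltName extension and the KS_PASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example: scripted form of the keytool steps described above.
# Assumed (not from the page): DN fields, validity, SAN entry, KS_PASS variable.

# Print the first SHA-256 fingerprint (32 colon-separated hex bytes) read on stdin.
sha256_fp() {
    grep -Eo '([0-9A-Fa-f]{2}:){31}[0-9A-Fa-f]{2}' | head -n 1
}

# make_keystore DIR: create DIR/talendKey and export DIR/talend.cer.
make_keystore() {
    dir=$1
    # :env makes keytool read the password from the environment, so it does
    # not show up in the process list. stdin is closed so a missing option
    # fails instead of waiting on an interactive prompt.
    keytool -genkeypair -alias talend -keyalg RSA -keysize 2048 \
        -validity 365 -dname "CN=talend.com, O=Example, C=US" \
        -ext san=dns:talend.com \
        -keystore "$dir/talendKey" \
        -storepass:env KS_PASS -keypass:env KS_PASS </dev/null || return 1
    keytool -exportcert -rfc -alias talend -keystore "$dir/talendKey" \
        -storepass:env KS_PASS -file "$dir/talend.cer" </dev/null || return 1
    # The keystore holds the private key: restrict it to the owning account.
    chmod 600 "$dir/talendKey"
}

# verify_export DIR: succeed only if DIR/talend.cer carries the same SHA-256
# fingerprint as the "talend" entry in DIR/talendKey.
verify_export() {
    dir=$1
    ks_fp=$(keytool -list -v -alias talend -keystore "$dir/talendKey" \
        -storepass:env KS_PASS 2>/dev/null </dev/null | sha256_fp)
    cer_fp=$(keytool -printcert -file "$dir/talend.cer" 2>/dev/null | sha256_fp)
    [ -n "$ks_fp" ] && [ "$ks_fp" = "$cer_fp" ]
}

# Usage (KS_PASS must be exported and at least 6 characters long):
#   make_keystore /path/to/dir && verify_export /path/to/dir
```

Only talend.cer is distributed to clients for import; the talendKey file stays on the server and is the file referenced by keystoreFile in the Tomcat connector.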
Logserver cannot currently be configured to use SSL, but it may be possible to enable SSL via proxy server.