topic tRest configuration for a mTLS connection in Talend Studio

tRest configuration for a mTLS connection

pthomas — Tue, 12 Aug 2025 18:41:17 GMT

I am trying to set up a connection to a restful service using an NPE cert. I don't see many options in the tRest component.

How do I tell the connection to use my cert?

Re: tRest configuration for a mTLS connection

Dave_Simo — Tue, 12 Aug 2025 19:24:46 GMT

Hello @pthomas

ChatGPT's response, I think it should help you.

Got it — you’re using Talend (the tRest component) and need to connect to a RESTful service that requires an NPE certificate (I’m guessing you mean an NPE-issued SSL client certificate, like from a government or partner service).

tRest itself doesn’t have a big GUI for certificate handling — it mostly passes HTTP calls to the underlying Java HttpClient or CXF client — so the certificate setup has to happen at the Java keystore level before the component runs.

Here’s how you can set it up:

1. Convert your certificate to a Java keystore
If you have your certificate in .pfx or .p12 format:

bash
Copier
Modifier
keytool -importkeystore \
-srckeystore mycert.p12 \
-srcstoretype PKCS12 \
-destkeystore mykeystore.jks \
-deststoretype JKS
You’ll be prompted for a password — remember it, you’ll use it in Talend.

2. Tell Talend (Java) to use your cert
In Talend Studio:

Go to Run → Advanced settings for your job.

In the JVM Arguments, add:

text
Copier
Modifier
-Djavax.net.ssl.keyStore="C:/path/to/mykeystore.jks"
-Djavax.net.ssl.keyStorePassword=yourpassword
-Djavax.net.ssl.trustStore="C:/path/to/mytruststore.jks"
-Djavax.net.ssl.trustStorePassword=trustpassword
The truststore contains the CA that issued the server’s certificate.
If you don’t have one, you can generate it with keytool -import from their public certificate.

3. Use tRest normally
Now, when tRest makes the HTTPS request, Java’s SSL layer will automatically present your client certificate and validate the server cert.

4. Alternative: tRestClient
If you need more control over authentication headers, TLS versions, or timeouts, tRestClient (Talend ESB components) can sometimes make certificate handling easier — especially if you use a CXF configuration file (cxf.xml) that specifies your key and trust store.
But the keystore/truststore system properties still work there.

Best Reagrds

Re: tRest configuration for a mTLS connection

pthomas — Wed, 13 Aug 2025 14:03:44 GMT

I can use curl in terminal with the cert info. I'm wondering if I can use a tSystem with that curl.

I can access the certs but not modify them.

I'm surprised Talend doesn't have a component to hit a restful service with an NPE cert. I was hoping in the advanced tab of tRest there were examples of how the cert info could be added there.

Something like:

cert:location\file.cer
key:location\file.key
cacert:location\file.crt

Re: tRest configuration for a mTLS connection

Dave_Simo — Wed, 13 Aug 2025 16:02:09 GMT

Hello @pthomas

Test configuration below, I had managed to access a web service which requested a certificate using a tKeystore at the beginning and I was using a tRestClient and not a tRest.

https://community.qlik.com/t5/Official-Support-Articles/Talend-Studio-How-to-set-a-truststore-for-an-SSL-TLS-connection/ta-p/2151753

Best Regards