topic Re: thttpclient configure with certificate client in Talend Studio

thttpclient configure with certificate client

lguevara — Tue, 14 Oct 2025 23:14:30 GMT

Hi,

I want to execute a POST method, but this use an Client Certificate for authenticate (Host, CRT file and KEY file).

Please How configure this using the component thttpclient in talend studio.

Thanks,

Re: thttpclient configure with certificate client

Xiaodi_Shi — Wed, 15 Oct 2025 01:23:10 GMT

Hello @lguevara

tHTTPClient component have "a "Bypass server certificate validation" option in the advanced settings which is used to prevent the client from validating the server certificate.

https://help.qlik.com/talend/en-US/components/8.0/http/thttpclient

For your use case, please get the certificates from target API server and use keytool import to target keystore file, if you don't want to use tSetKeyStore componnet specifically, then you can import certificates into JVM/lib/security/cacerts used by talend studio.

keytool -import -trustcacerts -alias xxxcert-1 -file /temp/a-cert-1.cer -keystore jvm/lib/security/cacerts -storepass changeit keytool -import -trustcacerts -alias xxxcert-2 -file /temp/a-cert-2.cer -keystore jvm/lib/security/cacerts -storepass changeit keytool -import -trustcacerts -alias xxxcert-3 -file /temp/a-cert-3.cer -keystore jvm/lib/security/cacerts -storepass changeit

tHttpClient needs to uncheck "Bypass server certificate validation".

Best regards

Sabrina

Re: thttpclient configure with certificate client

lguevara — Wed, 15 Oct 2025 14:16:51 GMT

Hi @Xiaodi_Shi ,

Thanks this for the information, this works fine using talend studio

openssl pkcs12 -export -in application.cert -inkey application.key -out client_app_cert.p12 -name "client_app_certificate" -password pass:changeit keytool -import -alias api_cliente_seguro -file C:\path\server.crt -keystore C:\path\truststore.jks -storepass changeit -- And in JVM arguments -Djavax.net.ssl.keyStore="C:/path/client_app_cert.p12" -Djavax.net.ssl.keyStoreType="PKCS12" -Djavax.net.ssl.keyStorePassword="changeit" -Djavax.net.ssl.trustStore="C:/path/truststore.jks" -Djavax.net.ssl.trustStorePassword="changeit" And check bypass server certificate validation

But when I publish this job to TMC and run this task over the remote engine that has path and the files .p12 and .jks correct. I get and error 403 forbidden.

Maybe you know why?

thanks,

Re: thttpclient configure with certificate client

Xiaodi_Shi — Thu, 16 Oct 2025 01:12:13 GMT

Hello @lguevara

I'm supposing the error message you got looks like below?

Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://xxxxxxxx.com/xxxapi:443: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Please make sure you did import the certificates into JVM/lib/security/cacerts used by Remote Engine.

When you're talking about running the job on a Remote Engine, it will always be best practice to use the tSetKeystore, and map that to a keystore/truststore on the instance in question.

Keystores are local to whichever instance the job is running on; the Studio settings for the keystore are only for Metadata connections, and only stay on that specific studio instance.

You should set your own expectations that a keystore/truststore should be created on the instance where the RE resides, and should contain all other required certs for the jobs in question.

Best regards

Sabrina

Re: thttpclient configure with certificate client

lguevara — Thu, 16 Oct 2025 02:00:38 GMT

Hi @Xiaodi_Shi

Using tSetKeystore works fine in TMC.

Thanks

Re: thttpclient configure with certificate client

Xiaodi_Shi — Tue, 21 Oct 2025 08:19:02 GMT

Hello,
Thanks for your feedback and set it as Solution.

Best regards

Sabrina