topic Re: Manage Cert and Key inside TRestClient Http Header in Talend Studio

Manage Cert and Key inside TRestClient Http Header

KevinLeleu — Sat, 16 Nov 2024 00:00:20 GMT

Hello,

I'm currently developping a Talend Job doing some work on Qlik sense API and for the access I have to Auth through a certificate and a key. The probleme is actually how to manage theses. I don't have right to generate a keystore in my system and have to go through a hard by inserting my cert and key in Http Header of TRestClient. How can I manage to do that ? Which parameters have I to use ? How they are managed (Inserting raw data, link to the pem file ?) ?

Thanks a lot

Kleleu

Re: Manage Cert and Key inside TRestClient Http Header

Anonymous — Tue, 29 Jun 2021 05:09:52 GMT

Hello,

Could you please have a look at this article about: https://community.talend.com/s/article/Three-ways-to-set-a-truststore-for-an-SSL-TLS-connection-in-a-Job-zc7CW to see if it is what you are looking for?

Best regards

Sabrina

Re: Manage Cert and Key inside TRestClient Http Header

KevinLeleu — Tue, 29 Jun 2021 09:12:04 GMT

Thank you, that was what I looked for.

Now the problem is the error following :

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Any idea on what could cause this ?

Best regards

Re: Manage Cert and Key inside TRestClient Http Header

Anonymous — Tue, 29 Jun 2021 09:27:30 GMT

Hello,

When using an "https" URL, CXF will use the certs that are part of the JDK by default.

Usually it is located in $JAVA_HOME/jre/lib/security/cacerts and in this case the cacerts was old and not valid.

You are able to see more details by adding -Djavax.net.debug=all on your data service job.

What's JDK version are you using?

Best regards

Sabrina

Re: Manage Cert and Key inside TRestClient Http Header

KevinLeleu — Tue, 29 Jun 2021 09:57:41 GMT

I'm currently using JDK1.8.0. By using the -Djavax.net.debug=all it seems the trustStore used is the correct one.

Re: Manage Cert and Key inside TRestClient Http Header

Anonymous — Wed, 30 Jun 2021 03:16:33 GMT

Hello,

Please try to specify wrapper.java.additional.xx=-Djavax.net.ssl.trustStore=/path/to/your_cert or add javax.net.ssl.trustStore=/path/to/your_cert in [container]/etc/system.properties.

Feel free to let me know if it works.

Best regards

Sabrina

Re: Manage Cert and Key inside TRestClient Http Header

KevinLeleu — Wed, 30 Jun 2021 07:44:35 GMT

Hello,

I tried both solutions none of them worked.

A little more precision, originally both my certificate and my key are in pem format So at first executed this :

openssl pkcs12 -export -in [path to certificate] -inkey [path to private key] -certfile [path to certificate ] -out testkeystore.p12

and this :

keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore [My jks filename] -deststoretype JKS

to have a .jks format file. Does it have any influence on the result ?

Re: Manage Cert and Key inside TRestClient Http Header

Anonymous — Wed, 30 Jun 2021 08:08:41 GMT

Hello,

@KLeleu

I will make an investigation on your issue and then come back to you as soon as possible.

Best regards

Sabrina

Re: Manage Cert and Key inside TRestClient Http Header

gjeremy1617088143 — Wed, 30 Jun 2021 08:43:35 GMT

hi, you can use cacerts it works.

Send me LOve and Kudos

Re: Manage Cert and Key inside TRestClient Http Header

sacuke1 — Thu, 12 Aug 2021 17:19:07 GMT

I am also facing the same issue. Getting invalid certificate path despite using cacerts. I am also trying to call QlikSense Api. Any solution?

Re: Manage Cert and Key inside TRestClient Http Header

PawelM — Tue, 20 May 2025 13:26:03 GMT

Unfortunately, after migration, it is not possible to find anything in here ,
Anyway so I do not have an issue creating a trust store, but how to use it?

--cert PEM_CERT_.pem:<cert_secret>

In TRestClient, i do not know

Re: Manage Cert and Key inside TRestClient Http Header

Gjeremy — Tue, 27 Jan 2026 09:55:47 GMT

For tRestClient component, if it's for a DI job, you can use a tSetKeystore component at the begining of the job in order to set path and credentials for the truststore file.

https://help.qlik.com/talend/en-US/components/8.0/keystore/tsetkeystore-standard-properties