Solved: Manage Cert and Key inside TRestClient Http Header - Qlik Community

KevinLeleu · ‎2021-06-28

Hello,

I'm currently developping a Talend Job doing some work on Qlik sense API and for the access I have to Auth through a certificate and a key. The probleme is actually how to manage theses. I don't have right to generate a keystore in my system and have to go through a hard by inserting my cert and key in Http Header of TRestClient. How can I manage to do that ? Which parameters have I to use ? How they are managed (Inserting raw data, link to the pem file ?) ?

Thanks a lot

Kleleu

Anonymous · ‎2021-06-29

Hello,

Could you please have a look at this article about: https://community.talend.com/s/article/Three-ways-to-set-a-truststore-for-an-SSL-TLS-connection-in-a... to see if it is what you are looking for?

Best regards

Sabrina

View solution in original post

Anonymous · ‎2021-06-29

Hello,

Could you please have a look at this article about: https://community.talend.com/s/article/Three-ways-to-set-a-truststore-for-an-SSL-TLS-connection-in-a... to see if it is what you are looking for?

Best regards

Sabrina

KevinLeleu · ‎2021-06-29

Thank you, that was what I looked for.

Now the problem is the error following :

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Any idea on what could cause this ?

Best regards

Anonymous · ‎2021-06-29

Hello,

When using an "https" URL, CXF will use the certs that are part of the JDK by default.

Usually it is located in $JAVA_HOME/jre/lib/security/cacerts and in this case the cacerts was old and not valid.

You are able to see more details by adding -Djavax.net.debug=all on your data service job.

What's JDK version are you using?

Best regards

Sabrina

KevinLeleu · ‎2021-06-29

I'm currently using JDK1.8.0. By using the -Djavax.net.debug=all it seems the trustStore used is the correct one.

Anonymous · ‎2021-06-29

Hello,

Please try to specify wrapper.java.additional.xx=-Djavax.net.ssl.trustStore=/path/to/your_cert or add javax.net.ssl.trustStore=/path/to/your_cert in [container]/etc/system.properties.

Feel free to let me know if it works.

Best regards

Sabrina

KevinLeleu · ‎2021-06-30

Hello,

I tried both solutions none of them worked.

A little more precision, originally both my certificate and my key are in pem format So at first executed this :

openssl pkcs12 -export -in [path to certificate] -inkey [path to private key] -certfile [path to certificate ] -out testkeystore.p12

and this :

keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore [My jks filename] -deststoretype JKS

to have a .jks format file. Does it have any influence on the result ?

Anonymous · ‎2021-06-30

Hello,

@KLeleu

I will make an investigation on your issue and then come back to you as soon as possible.

Best regards

Sabrina

gjeremy1617088143 · ‎2021-06-30

hi, you can use cacerts it works.

Send me LOve and Kudos

sacuke1 · ‎2021-08-12

I am also facing the same issue. Getting invalid certificate path despite using cacerts. I am also trying to call QlikSense Api. Any solution?

Manage Cert and Key inside TRestClient Http Header

Oracle Database

Talend Data Preparation

v7.x