Qlik Talend Data Integration: tRest configuration for a mutual TLS (mTLS) connection

This article guides you through configuring the tRest component to connect to a RESTful service that requires an SSL client certificate issued by an NPE (Non-Person Entity).

tRest does not have its own GUI for certificate management; instead, it primarily routes HTTP calls to the underlying Java HttpClient or CXF client. Therefore, the certificate setup must be completed at the Java keystore level before the component can run. 

Here's how to set it up:

1. Convert your certificate to a Java keystore 

If you have your certificate in .pfx or .p12 format: 

keytool -importkeystore \
-srckeystore mycert.p12 \
-srcstoretype PKCS12 \
-destkeystore mykeystore.jks \
-deststoretype JKS

You will be asked to enter a password; make sure to remember it as you will need it in Step 2.

2. Tell Talend Job (Java) to use your cert

In Talend Studio, go to Run → Advanced settings for your job.

In the JVM Setting, select the 'Use specific JVM arguments' option, and add:

-Djavax.net.ssl.keyStore="C:/path/to/mykeystore.jks"
-Djavax.net.ssl.keyStorePassword=yourpassword
-Djavax.net.ssl.trustStore="C:/path/to/mytruststore.jks"
-Djavax.net.ssl.trustStorePassword=trustpassword

The truststore contains the Certificate Authority (CA) that issued the server’s certificate. If you don’t have one, you can generate it by using keytool -import from their public certificate.

3. Use tRest normally

Now, when tRest makes the HTTPS request, Java’s SSL layer will automatically present your client certificate and validate the server cert.

Environment

• Talend Data Integration