Hi community,
I have developed a simple REST API using the tRESTRequest and tRESTResponse components, and I deployed it successfully to work with HTTPS and basic authentication after making some modifications to the org.ops4j.pax.web.cfg and user.properties files.
For a new need, I have to develop a new REST API which will be called by another API (Amazon API Gateway) using HTTPS and 2-way SSL authentication. I've been looking at the chapter https://help.talend.com/search/all?query=HTTP+Conduit+OSGi+Configuration+Parameters&content-lang=en, but I think that this configuration is used to allow my REST API to access 3rd-party web services over SSL; however, what I need is to allow the external API to access my Talend API over 2-way SSL, so my question is:
- Is it possible to set the security in Talend Runtime per web service? For example, let my first API work with only HTTPS and basic authentication, create a new API which works with HTTPS and 2-way SSL, create another which works with HTTPS only, etc.
Thank you in advance for your answers (and I am sorry for my bad English).
Regards.
Hi,
you can do this with the Talend Runtime (Apache Karaf) configuration for the Service (HTTPS) port.
Please see: https://help.talend.com/reader/T7hdMN16K129AtayaQluAA/5OIrBL0jqfkI7Z_2~MY1JQ
This one can also help; it is for an older version of Apache Karaf but is still close to the things you need to do: http://blog.nanthrax.net/?p=316
Dietmar
Hi Dietmar,
Thank you for your answer. I had already seen these 2 links, and for me the solution described in these links allows setting the SSL connection for all the data services developed and deployed in Talend Runtime (Karaf).
This is my org.ops4j.pax.web.cfg file configuration :
    #org.osgi.service.http.port=8181 ==> disable the http port
    org.osgi.service.http.port.secure=9001
    org.osgi.service.http.secure.enabled=true
    org.ops4j.pax.web.ssl.keystore=./etc/keystores/keystore.jks
    org.ops4j.pax.web.ssl.password=password
    org.ops4j.pax.web.ssl.keypassword=password
    #org.ops4j.pax.web.ssl.clientauthwanted=false
    org.ops4j.pax.web.ssl.clientauthneeded=true
Let's suppose (this is my case) that I develop 2 Talend REST APIs:
- The first one is intended to be called by an internal application (SAP for example), so we don't need to set strong security (HTTPS + basic authentication will suffice and the client doesn't need to provide any certificate).
- The second one will be called only from an external application (Salesforce, as it is in the cloud), and in this case we have to put strong security in place (2-way SSL).
If I modify the org.ops4j.pax.web.cfg as described above and restart the runtime (Karaf):
- The second REST API will work as expected.
- The first REST API, which works only with basic authentication, will not work and asks for a certificate to be verified! Maybe the configuration set in org.ops4j.pax.web.cfg impacts all Talend data services?
Did I miss some settings, so that my first API will work as expected?
Thank you in advance.
Hi,
well, if you really need different settings - and you mentioned it already in your first post - on our HTTPS port then I would say the only easy way to do this is via two separate containers. One for the basic auth + SSL and one for the 2 way SSL. Theoretically there might be an option with the jetty config where you can add a new HTTPS Port (addConnector) (see: http://blog.nanthrax.net/?p=352) but I would say the dependencies between pax web and your lower level jetty config are not easy to handle and because of this I would not recommend going this way.
You can run the container multiple times on the same machine and we provide some scripts to configure the second container to not have any port conflicts; see: https://help.talend.com/reader/T7hdMN16K129AtayaQluAA/hP9UySpDSk4xcwybQm5s2w. It is, in my mind, the only easy enough option to do what you would like to do.
HTH,
Dietmar
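An added example, not part of the reply above and not Talend or Pax Web tooling: a small audit of the two-container layout, checking that each container's org.ops4j.pax.web.cfg yields the intended client-certificate mode and that the secure ports do not clash. The property keys and port 9001 come from the thread; port 9002, the container names, and treating an absent key as false are assumptions.

```python
# Added example: audits constructed org.ops4j.pax.web.cfg contents, one per container.
PORT = "org.osgi.service.http.port.secure"
ENABLED = "org.osgi.service.http.secure.enabled"
NEEDED = "org.ops4j.pax.web.ssl.clientauthneeded"
WANTED = "org.ops4j.pax.web.ssl.clientauthwanted"

# Constructed sample configs (9002 is an assumed port for the second container).
BASIC_AUTH_CONTAINER = """\
org.osgi.service.http.port.secure=9001
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.clientauthneeded=false
"""
MTLS_CONTAINER = """\
org.osgi.service.http.port.secure=9002
org.osgi.service.http.secure.enabled=true
#org.ops4j.pax.web.ssl.clientauthwanted=false
org.ops4j.pax.web.ssl.clientauthneeded=true
"""

def parse_cfg(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def client_auth_mode(props):
    """Mode for the whole HTTPS port: it applies to every service behind it."""
    def is_true(key):  # assumption: an absent key behaves as false
        return props.get(key, "false").lower() == "true"
    if not is_true(ENABLED):
        return "no-https"
    return "required" if is_true(NEEDED) else "optional" if is_true(WANTED) else "none"

def audit(containers, expected):
    """Return findings for wrong client-auth modes and clashing secure ports."""
    findings, ports = [], {}
    for name, text in containers.items():
        props = parse_cfg(text)
        mode = client_auth_mode(props)
        if mode != expected[name]:
            findings.append(f"{name}: client auth is {mode}, expected {expected[name]}")
        port = props.get(PORT)
        if port is not None and port in ports:
            findings.append(f"{name}: secure port {port} clashes with {ports[port]}")
        ports.setdefault(port, name)
    return findings
```
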
Hi,
Thank you for all your suggestions, i really appreciate your help.
The two solutions can resolve my issue, and I prefer the jetty.xml configuration to have only one container with several connectors, but I'm not at this step yet because the two solutions don't work for me. Here is what I am doing:
Solution 1 ==> Enabling client authentication for SSL by modifying the org.ops4j.pax.web.cfg file:
I tried to reproduce exactly the example given in the Talend help https://help.talend.com/reader/yovCMqvJzyaSSSIdrlB4FQ/HlVXm6zYbAL14q4Lq84a1w. When I call my REST service from Chrome, Firefox, curl or Postman after adding the client certificate, it always shows me "BAD CERTIFICATE". I added our certificate authority and restarted Karaf; always the same error message, "BAD CERTIFICATE".
As this solution did not work for me, I tried the second solution by modifying the jetty.xml file and tested the one-way SSL, for example, as described here: https://help.talend.com/reader/yovCMqvJzyaSSSIdrlB4FQ/xWGGon_HvMs8tUG8RhStDQ. After restarting Karaf I'm not able to call the REST service.
Here is my Talend REST service:
My first try by modifying the org.ops4j.pax.web.cfg and restarting karaf:
My second try by modifying the jetty.xml file and adding my connector and restarting karaf:
I am using TOS_ESB-20190620_1446-V7.2.1
Thanks for your help in advance.