Solved: How to POST to an API using SSL certificate? - Qlik Community

changpinghsiao · ‎2022-06-01

Hello, all:

We have a need to communicate with an API from a 3rd party. They require us to use an SSL certificate for us to send a POST request to them.

We are able to use the certificate (in a PFX file) to send a POST request to their API successfully, using Postman. This proves our certificate works with their API.

Now we want to do the same using a Talend job, but we have been unable to find a solution to successfully communicate with the 3rd party API.

Searching Talend community and help I don't really find much help. The following seems to be the only one providing information.

https://community.talend.com/s/article/Three-ways-to-set-a-truststore-for-an-SSL-TLS-connection-in-a...

However, the trustStore entered in "specific JVM arguments" doesn't seem to help (as it's not required), and we keep getting an exception "NoSuchAlgorithmException", and the exception looks pointing to the keyStore setting.

trustStore is: D:\Temp\TrustStore.jks

trustStore type is : JKS

trustStore provider is :

init truststore

adding as trusted cert:

Subject: CN=membership-dev.warnerpacific.com

Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US

Algorithm: RSA; Serial number: 0xfe4d170d7a00ae41

Valid from Mon Apr 11 16:06:25 PDT 2022 until Sat May 13 16:06:25 PDT 2023

adding as trusted cert:

Subject: CN=apiservice-bus-np.kp.org, OU=KPIT, O="Kaiser Foundation Health Plan, Inc.", ST=California, C=US

Issuer: CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB

Algorithm: RSA; Serial number: 0x9cf170d1c2209c641cd52636a7f28282

Valid from Wed Feb 23 16:00:00 PST 2022 until Fri Feb 24 15:59:59 PST 2023

keyStore is : D:/Temp/San_Dev_Export.pfx

keyStore type is : PKCS12

keyStore provider is :

init keystore

java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)

[ERROR] 13:26:55 pex_kaiser.test_kp_api_with_certificate_0_1.Test_KP_API_with_certificate- tHttpRequest_1 - java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)

We had a chance to get an online meeting with Talend Customer Care and tried various configurations and settings, including using tSetKeyStore component, but nothing works.

We would like to know if any of you had similar situation like this and found a solution for it and would be grateful if we could get some help. Thank you for your time and help.

Yours,

Chang-Ping Hsiao

SMR040 · ‎2022-06-02

Have you tried using using the keyStoreType with JKS instead of PKCS12? I remember this solved a similar issue for me some time back. Also I was using the tSetKeyStore component and that worked fine so it should also do the trick for you.

Next to that please make sure that the passwords are correct by checking them using the Java Keytool to open the Stores, files are in the mentioned location and the respective Store types are matching.

View solution in original post

SMR040 · ‎2022-06-02

Have you tried using using the keyStoreType with JKS instead of PKCS12? I remember this solved a similar issue for me some time back. Also I was using the tSetKeyStore component and that worked fine so it should also do the trick for you.

Next to that please make sure that the passwords are correct by checking them using the Java Keytool to open the Stores, files are in the mentioned location and the respective Store types are matching.

changpinghsiao · ‎2022-06-02

@S M

Thank you for your help and answer.

Changing from PKCS12 to JKS seems to do the trick. When I was meeting Talend Customer Care, I did ask if Talend Studio does not support PKCS12 keystore type, and I was told it should, as it's an option in tSetKeystore component. The reason to use it is because the certificate provided to us is a PFX file of the type PKCS12. We don't know if the 3rd party accept JKS file format or not.

SMR040 · ‎2022-06-03

You are welcome. Perhaps you can create another ticket for customer care to look into it with this example where JKS is working and PKCS12 is not. Especially because like you said it is an option in the component itself so we can assume it should be supported.

If this answer solved the issue for you, can you mark it as an answer, this way other people that are facing similar issues can see there is a solution (workaround) for it.

changpinghsiao · ‎2022-06-03

I currently have a ticket with Talend Customer Care and I updated with my findings in it.

I don't know if they will need me to create another ticket with them, but to me, it does look like Talend Studio does not recognize PKCS12 keystore type, and I couldn't find anywhere to confirm or deny this.

And yes, I will try to see how I can mark your reply as an answer later. (Haven't used this feature much)

How to POST to an API using SSL certificate?

Studio

v7.x