This error indicates that the JVM that’s created (to run the Talend job) is denied access to the web service because it does not present a valid SSL certificate. What you'd have to do is to define a JKS (java key store) location for the JVM as follows (Run tab in Talend job):
-Djavax.net.ssl.trustStore=/usr/local/tlnd/myapptruststore.jks
So how do you create a jks file that will allow your job to run?
Go to the URL that you need to access. Right click and inspect the certificate, click on Certificate information.
Go to the Details tab and click on Copy File... follow the wizard prompts.
Finally, save the file as .cer.
Then run the following commands to create the jks file (from a QA_root_CA_v2.cer certificate file):
- "C:\Program Files\Java\jdk1.7.0_71\jre\bin\keytool" -genkey -keyalg RSA -alias selfsigned -keystore myapptruststore.jks -storepass changeit -validity 3600 -keysize 2048
- "C:\Program Files\Java\jdk1.7.0_71\jre\bin\keytool" -import -trustcacerts -alias myapptruststore -file C:\WMunji\QA_root_CA_v2.cer -keystore C:\WMunji\myapptruststore.jks
To import the certificate into the existing cacerts trust store:
- Checked JAVA_HOME on my machine – which is what Talend would be using to create a JVM.
- Locate the cacerts file - C:\Program Files\Java\jdk1.7.0_45\jre\lib\security\cacerts
- Right-click, select Properties , go to Security tab and ensure you have permissions to edit the file – if not, give yourself full-control on the file
- Install the certificates: "C:\Program Files\Java\jdk1.7.0_45\jre\bin\keytool" -importkeystore -srckeystore C:\opt\isv\myapptruststore.jks -destkeystore "C:\Program Files\Java\jdk1.7.0_45\jre\lib\security\cacerts"
- List the certificates in your trust store to confirm, by running: "C:\Program Files\Java\jdk1.7.0_45\jre\bin\keytool" -list -keystore "C:\Program Files\Java\jdk1.7.0_45\jre\lib\security\cacerts"