Introduction
In my previous article (on DZone, or here), I omitted the procedure for creating a trust store for the application. This matters when the application is deployed to CloudHub.
In this article, I describe how to create the trust store and how to configure the HTTPS Request for a Mule application.
Create a Trust Store for the Mule HTTPS Request
The procedure to import the server's PEM certificate into a trust store is the following.
First, create a trust store (keytool has no "create empty store" option, so we generate a throwaway key pair to get the file):
keytool -genkey -keyalg RSA -alias cyberark-poc -keystore truststore.ks
Second, delete the throwaway entry so the trust store is empty:
keytool -delete -alias cyberark-poc -keystore truststore.ks
Third, import the server's PEM certificate into the trust store:
keytool -import -v -trustcacerts -alias cyberark-server -file SERVER-CERT.pem -keystore truststore.ks
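A check worth doing before the import step: keytool -importcert reads only the first certificate in a PEM file, so a file that holds the server's whole chain needs one import per certificate. The script below is an added example, not from the article; it counts and splits the certificates in a PEM bundle, then imports each one under its own alias, letting keytool create the trust store on first import instead of going through the genkey/delete steps above. The file names, the alias prefix and the store password are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): build a JKS trust store from a
# PEM file that may contain several certificates. File names, alias prefix and
# password are assumptions.
set -eu

# Count the certificates in a PEM file (prints 0 if there are none).
pem_cert_count() {
    grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# Split a PEM bundle into <outdir>/cert-1.pem, cert-2.pem, ... and print
# the number of files written.
pem_split() {
    pem="$1"; outdir="$2"
    mkdir -p "$outdir"
    awk -v d="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = d "/cert-" n ".pem" }
        n { print > f }
        /-----END CERTIFICATE-----/ { close(f) }
    ' "$pem"
    ls "$outdir" | grep -c '^cert-[0-9]*\.pem$' || true
}

# Create the trust store and import every certificate from the bundle, one
# alias per certificate. Prints the number of trusted entries in the result.
# Returns 2 when keytool is not on the PATH.
build_truststore() {
    pem="$1"; store="$2"; pass="$3"; alias_prefix="$4"
    command -v keytool >/dev/null 2>&1 || { echo "keytool not found" >&2; return 2; }
    rm -f "$store"
    tmp=$(mktemp -d)
    count=$(pem_split "$pem" "$tmp")
    i=1
    while [ "$i" -le "$count" ]; do
        # -importcert creates the keystore file if it does not exist yet.
        keytool -importcert -noprompt -trustcacerts \
            -alias "${alias_prefix}-${i}" -file "$tmp/cert-$i.pem" \
            -keystore "$store" -storepass "$pass" -storetype jks
        i=$((i + 1))
    done
    rm -rf "$tmp"
    # Verification: the trusted entry count must equal the PEM certificate count.
    keytool -list -keystore "$store" -storepass "$pass" | grep -c trustedCertEntry
}

# Usage (assumed names):
#   build_truststore SERVER-CERT.pem truststore.ks changeit cyberark-server
```

If the number printed at the end differs from the number of BEGIN CERTIFICATE blocks in the input, one of the imports did not land and the HTTPS Request will fail its TLS handshake against that server.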
HTTPS Request Configuration
The following is the complete HTTPS Request configuration (the trust store and the client key store are siblings under tls:context; the key store is only needed when the server requires a client certificate):
<http:request-config name="HTTPS_Request_configuration" doc:name="HTTP Request configuration" doc:id="489bd416-2a79-4817-9968-627aaa6ee553">
    <http:request-connection protocol="HTTPS" host="${cyberark.host}" port="${cyberark.port}">
        <tls:context>
            <tls:trust-store path="truststore.ks" password="changeit" type="jks"/>
            <tls:key-store type="pkcs12" path="client.pfx" keyPassword="gary" password="gary"/>
        </tls:context>
    </http:request-connection>
</http:request-config>
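The same request configuration, as an added example that is not from the article, with the store passwords moved out of the XML into Mule's secure configuration properties and the TLS context limited to TLS 1.2. The property names (cyberark.truststore.password and friends) and the presence of a secure-properties:config element elsewhere in the application are assumptions.

```xml
<!-- Added example, not from the original article. The ${secure::...} property
     names are assumptions and require a secure-properties:config element
     pointing at the encrypted properties file. -->
<http:request-config name="HTTPS_Request_configuration" doc:name="HTTP Request configuration">
    <http:request-connection protocol="HTTPS" host="${cyberark.host}" port="${cyberark.port}">
        <!-- Only TLS 1.2 is offered, so the client never negotiates a legacy protocol. -->
        <tls:context enabledProtocols="TLSv1.2">
            <!-- Trust store built from the server's PEM certificate; the password is
                 read from the secure properties instead of being hard-coded here. -->
            <tls:trust-store path="truststore.ks"
                             password="${secure::cyberark.truststore.password}"
                             type="jks"/>
            <!-- Client certificate for mutual TLS, again with secured passwords. -->
            <tls:key-store type="pkcs12" path="client.pfx"
                           keyPassword="${secure::cyberark.client.keypassword}"
                           password="${secure::cyberark.client.password}"/>
        </tls:context>
    </http:request-connection>
</http:request-config>
```

With the passwords in the encrypted properties file, the XML can be committed and deployed to CloudHub without exposing the store credentials, and rotating a password does not require touching the flow.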
The Key Takeaways
The best practices for certificate handling are:
- If the deployment is on-prem, import the servers' certificates into the JVM's cacerts. That way, when a server's certificate expires, we only need to re-import it; no code change is required.
- If the deployment is CloudHub, we have to import the servers' certificates into a trust store as described in this article.
- Use the JKS format for the trust store used in the HTTPS Request; it is the most popular one.