Tuesday, August 6, 2019

Mule 4: Enable HTTPS Connector Using openssl

Introduction

This article demonstrates how to use openssl to generate a self-signed certificate, and how to use the resulting private key to configure an HTTPS connector.

Generate Private Key And Public Cert Using openssl

$ openssl req -newkey rsa:2048 -x509 -keyout cakey.pem -out cacert.pem -days 3650
Generating a RSA private key
....+++++
...................................................+++++
writing new private key to 'cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Texas
Locality Name (eg, city) [Default City]:Dallas
Organization Name (eg, company) [Default Company Ltd]:GGL Consulting Inc
Organizational Unit Name (eg, section) []:EA
Common Name (eg, your name or your server's hostname) []:Gary Liu
Email Address []:gary.liu1119@gmail.com
The above command generates two files:
  1. cakey.pem
  2. cacert.pem
MuleSoft HTTPS TLS configuration supports three keystore formats:
  1. JKS -- Java Keystore
  2. PKCS12 -- for details refer to this page
  3. JCEKS -- Java Cryptography Extension KeyStore
We need to convert the RSA key and certificate to PKCS12 using the following command:
$ openssl pkcs12 -export -in cacert.pem -inkey cakey.pem -out identity.p12 -name "mykey"
Enter pass phrase for cakey.pem:
Enter Export Password:
Verifying - Enter Export Password:
The above command generates a file named identity.p12 with the alias mykey. Now we can configure the HTTPS Connector.

Configure HTTPS Connector

The xml configuration will be like the following:

		
			
				
			
		
	
The following snapshots show the procedure in Anypoint Studio:

Invoke The Service

To test the service we can use the following curl command:
$ curl -k -XGET https://localhost/helloworld
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    31  100    31    0     0     31      0  0:00:01  0:00:01 --:--:--    29
{
  "message": "Hello, World"
}
Note: the -k option tells curl to skip certificate verification, which is why it accepts the self-signed certificate.
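
The procedure above as a non-interactive script, with a subjectAltName added so that a client can verify the certificate with --cacert rather than skipping verification with -k. This is an added example, not code from the original post: the function names, the KEY_PASS variable and the certificate subject are assumptions, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the original post. File names and the alias "mykey"
# follow the article; function names, KEY_PASS and the subject are assumptions.
# Requires OpenSSL 1.1.1 or later (for -addext) and `export KEY_PASS=...`.

# make_identity DIR HOST: self-signed cert valid for HOST, then a PKCS12 keystore.
# The passphrase is read from the environment instead of being typed as an
# argument; subjectAltName is what TLS clients match the host name against.
# In this example one passphrase protects both the PEM key and the PKCS12 file.
make_identity() {
  : "${KEY_PASS:?export KEY_PASS before calling make_identity}"
  openssl req -newkey rsa:2048 -x509 -days 3650 \
    -keyout "$1/cakey.pem" -out "$1/cacert.pem" -passout env:KEY_PASS \
    -subj "/C=US/O=Example Org/CN=$2" -addext "subjectAltName=DNS:$2" &&
  chmod 600 "$1/cakey.pem" &&
  openssl pkcs12 -export -in "$1/cacert.pem" -inkey "$1/cakey.pem" \
    -passin env:KEY_PASS -passout env:KEY_PASS \
    -name mykey -out "$1/identity.p12" &&
  chmod 600 "$1/identity.p12"
}

# cert_matches_host CERT HOST: succeeds only if CERT is valid for HOST.
# openssl prints "does match" or "does NOT match"; only the former passes.
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# p12_has_alias FILE ALIAS: confirm the keystore entry carries the alias
# that the connector configuration refers to.
p12_has_alias() {
  openssl pkcs12 -in "$1" -passin env:KEY_PASS -nokeys 2>/dev/null |
    grep -q "friendlyName: $2"
}

# fetch_verified CERT URL: the article's curl call, but trusting only CERT
# instead of disabling verification with -k.
fetch_verified() {
  curl --silent --show-error --cacert "$1" "$2"
}
```

With the listener serving this identity.p12, `fetch_verified cacert.pem https://localhost/helloworld` replaces the -k call.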
