Mule 4: Enable HTTPS Connector Using openssl

Introduction

This article demonstrate the procedures using openssl to generate self-signed certificates, and how to use the private key to configure HTTPS connector.

Generate Private Key And Public Cert Using openssl

$ openssl req -newkey rsa:2048 -x509 -keyout cakey.pem -out cacert.pem -days 3650
Generating a RSA private key
....+++++
...................................................+++++
writing new private key to 'cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Texas
Locality Name (eg, city) [Default City]:Dallas
Organization Name (eg, company) [Default Company Ltd]:GGL Consulting Inc
Organizational Unit Name (eg, section) []:EA
Common Name (eg, your name or your server's hostname) []:Gary Liu
Email Address []:gary.liu1119@gmail.com

The above command will generate two files:

1. cakey.pem
2. cacert.pem

Mulesoft HTTPS TLS configuration support 3 format:

1. JKS -- Java Keystore
2. PKCS12 -- for details refer this page
3. JCEKS -- Stands for Java Cryptography Extension KeyStore

We need to convert the RAS format to PKCS12 using the following command:

$ openssl pkcs12 -export -in cacert.pem -inkey cakey.pem -out identity.p12 -name "mykey"
Enter pass phrase for cakey.pem:
Enter Export Password:
Verifying - Enter Export Password:

The above command generate a file namely: identity.p12 with the alias mykey. Now we can configure the HTTPS Connector.

Configure HTTPS Connector

The xml configuration will be like the following:

The follow snapshots show the procedures using Anypoint Studio:

Invoke The Service

To test the service we can use the following curl command:

$ curl -k -XGET https://localhost/helloworld
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    31  100    31    0     0     31      0  0:00:01  0:00:01 --:--:--    29
{
  "message": "Hello, World"
}

Note -k option is to tell curl to accepted self-signed certificates.