Enabling HTTPS for Mule applications is quite a complex process which requires understanding of below concepts whenever you want to work with https configuration in Mule applications.
- TLS with Keystores and Truststores.
- What are Keystores and Truststores?
- How to generate a Keystore and self signed certificate?
- How to configure TLS in Mule 4?
Lets elaborate more on above key concepts
TLS with Keystores and Truststores – TLS is a cryptographic protocol that provides communications security for your Mule app. TLS offers many different ways of exchanging keys for authentication, encrypting data, and guaranteeing message integrity.
What are Keystores and Truststores ?
Keystore – A Java keystore stores private key entries, certificates with public keys or just secret keys that we may use for various cryptographic purposes.Generally speaking, keystores hold keys that our application owns that we can use to prove the integrity of a message and the authenticity of the sender.Usually, we’ll use a keystore when we are a server and want to use HTTPS.
Truststore – A truststore is the opposite – while a keystore typically holds onto certificates that identify us, a truststore holds onto certificates that identify others. If you do not specify a truststore then the default values of the JVM are used, which usually include a truststore with certificates for all the major certifying authorities.
3) How to generate a Keystore and a self signed certificate?
The standard JDK distribution does not include a keystore by default, use keytool to generate your keystores and certificates. The keystore you generate contains a private key and a public certificate. This certificate is self-signed so it is not to be trusted by clients unless you share the public certificate with them.
Here is the keytool command to create a self-signed cert:
keytool -genkeypair -keystore keystore.jks -dname “CN=David, OU=Mulesoft, O=Dyeleaf, L=IN, ST=HR, C=IN” -keypass password -storepass password -keyalg RSA -sigalg SHA1withRSA -keysize 1024 -alias mule -ext SAN=DNS:localhost,IP:127.0.0.1 -validity 9999
The result keystore.jks file is your certificate.
4) How to configure TLS in Mule 4?
Put keystore.jks file under src/main/resources directory of mule project
Configuring HTTPS Listener
where ${https.port} is 443 used for HTTPS communication.
Configuring TLS for HTTPS Listener
Testing HTTPS enabled Mule applications using Postman
Go to Postman -> Settings -> Certificates and turn ON CA certificates tab which default is set to OFF
5) How to view the certificate information in a keystore?
keytool -list -v -keystore keystore_name
6) To output the certificate information in a keystore to a text file?
keytool -list -v -keystore keystore_name > keystore_output.txt
Note: Where keystore_name is the path to your keystore and keystore_output.txt the file that will be created.
You will be prompted to enter the keystore password.
Conclusion
We saw in this blog that we can enable HTTPS which confirms a more secure version for your Mule applications. I hope you were able to learn something new from this blog!