Two-Way SSL In Mule Application

Get mutual authentication in a Mule application.

by Gary Liu · Aug. 15, 19 · Tutorial
Introduction

In my previous article, I explained how Two-Way SSL works within the context of a Mule Application. Many people have asked how to set up an HTTPS request in a Mule application. This article provides details on how to invoke HTTPS services that require Two-Way SSL, or Mutual Authentication. Before we dive into the detailed procedures, let's review how Two-Way SSL works between clients and servers.

Two-way SSL

[Figure: Two-way SSL Authentication]


The gist of Two-Way SSL is to exchange certificates between clients and servers. The details are pretty complicated and are beyond the scope of this article. Here is a high-level scheme of the exchange of certificates:

  1. Client sends a ClientHello message to a server.
  2. Server replies with ServerHello, Server's certificate, and Request for Client's certificate.
  3. Client sends its certificate and other information like cipher scheme, server's certificate verification, etc.
  4. Server replies with cipher scheme.
  5. Start to exchange information.

Now, how do we set up a Mule Application as a client?

Client's Certificate Generation

In general, an IT admin will generate client certificates in a way similar to what I have described in my blog here. Let's assume that is the way for now, so that we can describe how to set up a Mule HTTPS Request. Before we continue, we need to obtain the server's certificate in advance. The certificate can be in many forms like JKS, PKCS12, PEM, etc. A Mule HTTPS request supports three forms:

  • JKS
  • PKCS12
  • JCEKS

Let's say that we got the PEM format from the server. We need to do one of two things depending on the deployment pattern.

  • If it is an on-prem deployment, the best way is to import the cert into the JVM's cacerts.
  • If it is deployed to MuleSoft CloudHub, we need to convert the PEM to PKCS12.

If it is an on-prem deployment, we can import the PEM certificate directly into cacerts. (Make sure you have sudo permission and the server's cert is named SERVER_CERT.pem.) Here is the procedure:

cd "${JAVA_HOME}/jre/lib/security"   # Java 8 layout; on Java 9+ the directory is ${JAVA_HOME}/lib/security
sudo cp /path/to/SERVER_CERT.pem .   # /path/to is a placeholder for wherever the server's cert was saved
sudo keytool -import -alias mule1-cyberark -keystore cacerts -file SERVER_CERT.pem


To be sure that the server's cert is in PEM format, you can use the following command:

openssl x509 -in SERVER_CERT.pem -text


If it is a CloudHub deployment, we need to convert the PEM file to PKCS12 format. Here is the command:

openssl pkcs12 -export -nokeys -in SERVER_CERT.pem -out SERVER_CERT.p12


Note the -nokeys option. It is needed because you do not have the private key of the server's certificate. Now that we have the server's certificate taken care of, we need to convert the client's certificate to PKCS12. Here is the command:

openssl pkcs12 -export -in cacert.pem -inkey cakey.pem -out identity.p12 -name "mykey"


Note that the above command will prompt for an export password. Make sure you remember it, because the Mule TLS configuration needs it.
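The export above only yields a usable identity if cacert.pem and cakey.pem belong together and the store opens with the password that Mule is given. The script below is an added example, not part of the original article: it runs the same export non-interactively and checks the result. The function names, the placeholder password, and the throwaway certificates generated in demo() are assumptions made for illustration.

```shell
# Added example (not from the article). Function names are illustrative;
# demo() uses constructed throwaway certificates and a placeholder password.

# Succeeds only if the certificate and the private key belong together.
cert_matches_key() {  # $1 = certificate PEM, $2 = private key PEM
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Same export as the article's command, but non-interactive and refusing bad input.
# The password travels through the environment so it stays off the command line.
make_identity() {  # $1 = cert, $2 = key, $3 = output .p12, $4 = export password
    cert_matches_key "$1" "$2" || { echo "certificate/key mismatch" >&2; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 1; }
    P12_PASS="$4" openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
        -name "mykey" -passout env:P12_PASS
}

# Succeeds only if the store opens with the given password (MAC check).
p12_opens() {  # $1 = .p12 file, $2 = password
    P12_PASS="$2" openssl pkcs12 -in "$1" -passin env:P12_PASS -noout 2>/dev/null
}

# Constructed demo: two self-signed pairs stand in for cacert.pem/cakey.pem.
# Returns 0 when a matching pair exports and opens, and a mismatched pair
# or a wrong password is rejected.
demo() {
    d=$(mktemp -d) || return 1
    for n in client other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$n.example.test" \
            -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null || return 1
    done
    make_identity "$d/client.pem" "$d/client.key" "$d/identity.p12" "placeholder-pass" &&
        p12_opens "$d/identity.p12" "placeholder-pass" &&
        ! p12_opens "$d/identity.p12" "wrong-pass" &&
        ! make_identity "$d/client.pem" "$d/other.key" "$d/bad.p12" "placeholder-pass" 2>/dev/null
    rc=$?
    rm -rf "$d"
    return $rc
}
```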

Setup Mule Flow

The following diagram shows the simple Mule flow:

[Figure: Mule flow]

The HTTPS request configuration is:

<http:request-config name="HTTPS_Request_configuration" doc:name="HTTP Request configuration" doc:id="489bd416-2a79-4817-9968-627aaa6ee553">
    <http:request-connection protocol="HTTPS" host="two-way-ssl.server.com" port="443">
        <tls:context>
            <!-- Client identity (certificate and private key) presented to the server -->
            <tls:key-store type="pkcs12" path="identity.p12" keyPassword="gary" password="gary">
            </tls:key-store>
        </tls:context>
    </http:request-connection>
</http:request-config>


The important point here is that the client's certificate is configured in the key store:

<tls:key-store type="pkcs12" path="identity.p12" keyPassword="gary" password="gary">
</tls:key-store>


and the server's certificate is configured in the trust store, which goes inside the same tls:context element:

<tls:trust-store type="pkcs12" path="SERVER_CERT.p12" password="gary">
</tls:trust-store>

Published at DZone with permission of Gary Liu, DZone MVB. See the original article here.
