Create SSL based service
SSL certificates secure the transport layer and create a secure communication channel between the service caller and the server. An SSL channel authenticates the identity of the caller with the server and encrypts the data exchanged between them. In organizations it's standard to have only SSL based services.
Please go through https://docs.oracle.com/cd/E19798-01/821-1841/gjrgy/ to understand more about keystore generation.
To start with, we first have to create the server-side certificates using the Java keytool.
Go to the JDK bin directory and run the command below:
java-home/bin/keytool -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks
- alias is server name
- keyalg is algorithm name
- keypass and storepass are the key and keystore passwords
- keystore is the keystore name
Let's change it to match our organization's needs:
java-home/bin/keytool -genkey -alias mulesy-server -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks
D:\Softwares\jdk1.8.0_172\bin>keytool -genkey -alias mulesy-server -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks
What is your first and last name? [Unknown]: Mulesy Mulesy
What is the name of your organizational unit? [Unknown]: Education
What is the name of your organization? [Unknown]: Mulesy
What is the name of your City or Locality? [Unknown]: Delhi
What is the name of your State or Province? [Unknown]: Delhi
What is the two-letter country code for this unit? [Unknown]: IN
Is CN=Mulesy Mulesy, OU=Education, O=Mulesy, L=Delhi, ST=Delhi, C=IN correct? [no]: Yes
Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12".

D:\Softwares\jdk1.8.0_172\bin>keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12
Enter source keystore password:
Entry for alias mulesy-server successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
Warning: Migrated "keystore.jks" to Non JKS/JCEKS. The JKS keystore is backed up as "keystore.jks.old".
This will create a keystore in the bin directory.
The same certificate can be signed by any CA to make it a trusted certificate.
Mostly MuleSoft developers don’t have to do this key generation as this is provided by the network or server maintenance team. So please check with them first.
Let’s use the same keystore.jks for our SSL based api.
Create a mule application and add HTTP listener
Add keystore.jks in src\main\resources folder
Click on connector configuration
Change the HTTP to HTTPS and port to 443
We can now add the information in keystore configuration
Please note that we changed the JKS keystore to PKCS12 format while generating the keystore above.
Click OK and run the application
Now if we call the API in Chrome, we see an error.
The error appears because the browser only trusts certificates signed by a trusted CA. As we have created the certificate for our internal use (still not signed by any CA), this is expected.
Click on Advanced to explicitly tell the browser that it's safe to call this service.
Now we can see the response from our API
Click on Not secure and click on certificate
It will show the same information which we have used to generate the keystore
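The same certificate details can be read straight from the keystore without a browser. The Java program below is an added example, not part of the original sample application; the class name KeystoreCheck is hypothetical, and it assumes the keystore.jks file, mulesy-server alias and changeit password used above. It reports whether the certificate is self-signed, which is the condition behind the Chrome warning.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.time.Duration;
import java.time.Instant;

// Added example: inspects the keystore generated in this tutorial.
// Defaults are the tutorial's values; override them with arguments.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "keystore.jks";
        String alias = args.length > 1 ? args[1] : "mulesy-server";
        char[] storePass = (args.length > 2 ? args[2] : "changeit").toCharArray();

        // The file keeps its .jks name but was migrated to PKCS12,
        // so it is opened as PKCS12 here.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);
        }
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("No private key entry for alias " + alias);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        System.out.println("Subject    : " + cert.getSubjectX500Principal());
        System.out.println("Issuer     : " + cert.getIssuerX500Principal());
        System.out.println("Self-signed: " + isSelfSigned(cert));
        if (cert.getPublicKey() instanceof RSAPublicKey) {
            int bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength();
            System.out.println("RSA bits   : " + bits);
        }
        long daysLeft = Duration.between(Instant.now(), cert.getNotAfter().toInstant()).toDays();
        System.out.println("Expires    : " + cert.getNotAfter() + " (" + daysLeft + " days left)");
    }

    // Self-signed: issuer equals subject and the signature verifies
    // against the certificate's own public key.
    static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            return false;
        }
        try {
            cert.verify(cert.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }
}
```

Run it from the directory that holds keystore.jks; once a CA has signed the certificate and the reply is imported, the Issuer line changes and Self-signed becomes false.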
Sample application – ssl-sample