5

MuleSoft - Security

Last Update 3 anni fa

Two Way SSL MuleSoft Configuration One Way SSL Mulesoft Configuration JCE Cryptography Client Id Enforcement In MuleSoft Generating Secure Properties

Two Way SSL MuleSoft Configuration

craft software

Last Update 4 anni fa

At the server end, there will be a Keystore which will hold the private and public certificate of the server and truststore which will hold the public certificate of client whereas, at the client end, there will be a Keystore which will hold the private and public certificate of client whereas truststore which will hold the public key of the server.

  • Clients will send Hello and request for the resources on the secure HTTPS protocol.
  • The server will respond with its public certificate (.crt) and send Hello.
  • The client will verify the server public certificate in its truststore.
  • The client sends back symmetric session key generated using the server public certificate.
  • The server will decrypt the symmetric session key using the server private certificate and request for the client certificate.
  • The client will send its public certificate to the server and the server will verify the client public certificate in the server truststore.
  • The server will generate a session key and encrypt using the client public certificate and send it to the client.
  • The client will decrypt the session key using client private certificate and this way the key exchange between client and server. It will establish secure communication between client and server.

Implementing Two Way SSL For MuleSoft Application

For generating Keystore and truststore, we can use OpenSSL or keytool utility. For this article, we will be using keytool which is part of your JDK.

Step 1: Generate Server Keystore

For generating the server Keystore, we will be using the below command.

Once we execute the above command, it will ask for the Keystore password, first and last name including other details and the key password.


alias in the above command is used to search the certificate in the Keystore as there can be multiple certificates in the same Keystore and alias is useful in identifying the right certificate.

Step 2: Export the Public Certificate From Server Keystore

We will be requiring the server public certificate to be installed in the client truststore. So we need to extract the public key from the server Keystore. For extracting the server public certificate, we will be using the below export command.

This command will export the server public certificate and we will import that server public certificate in the client truststore.

Step 3: Import Server Public Certificate Into Client Truststore

For importing the server public key into the client truststore, we will be using the below command.

This above command will generate the client's truststore and import the server public certificate.

Step 4: Generate Client Keystore

For generating the client Keystore, we will be using the below command.

Once we execute the above command, it will ask for the Keystore password, first and last name including other details and the key password.


Alias in the above command is used to search the certificate in the Keystore as there can be multiple certificates in the same Keystore and alias is useful in identifying the right certificate.

Step 5: Export the Public Certificate From Client Keystore

We will be requiring the client public certificate to be installed in the server truststore. So we need to extract the public key from the client Keystore. For extracting the client public certificate, we will be using the below export command.

This command will export the client public certificate and we will import that client public certificate in the server truststore.

Step 6: Import Client Public Certificate Into Server truststore

For importing the client public certificate into the server truststore, we will be using the below command.

This above command will generate the server truststore and import the client public certificate.

Now, we have generated the server Keystore, server truststore, client Keystore and client truststore.

Step 7: Configuring MuleSoft HTTP Listener and Requester

Let's see how we can configure Keystore and truststore on the MuleSoft application.


Now, we will configure server-Keystore and client-truststore on the MuleSoft HTTP Listener. Under General Settings, the Protocol must be "HTTPS". We need to make sure of the server-Keystore.jks, server-truststore.jks, client-Keystore.jks, and client-truststore.jks that are generated in the above steps, must be copied under folder src/main/resources.


Now, we will perform TLS Key Store. Provide Type, Keystore Path, Keystore, and key password and alias name. Perform the Trust Store Configuration. Provide Path, Password, and Type.

This is the configuration that needs to be done on the server-side.


Now, we will see the client-side configuration. For that, we will be using the MuleSoft HTTP requester. Provide the connection settings on the HTTP requester.

Now, we will do the TLS configuration. Provide the client Trust Store Path, Password, and Type. Provide the Key Store Path, Password, Type, and Path.

Get started learning our Custom Curated Learning Path.

Start with our Free Courses.

START HERE

Was this article helpful?

0 out of 0 liked this article