Mule 4: Enable HTTPS Connector Using OpenSSL

Introduction

This article demonstrates how to generate self-signed certificates and use a private key to configure the HTTPS connector using OpenSSL.

Generate Private Key and Public Cert Using OpenSSL

$ openssl req -newkey rsa:2048 -x509 -keyout cakey.pem -out cacert.pem -days 3650
Generating a RSA private key
....+++++
...................................................+++++
writing new private key to 'cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Texas
Locality Name (eg, city) [Default City]:Dallas
Organization Name (eg, company) [Default Company Ltd]:GGL Consulting Inc
Organizational Unit Name (eg, section) []:EA
Common Name (eg, your name or your server's hostname) []:Gary Liu
Email Address []:gary.liu1119@gmail.com

The above command will generate two files:

  1. cakey.pem.
  2. cacert.pem.

The Mulesoft HTTPS TLS configuration supports three formats:

  1. JKS — Java Keystore.
  2. PKCS12 — for details refer to this page.
  3. JCEKS — Stands for Java Cryptography Extension KeyStore.

We need to convert the RAS format to PKCS12 using the following command:

$ openssl pkcs12 -export -in cacert.pem -inkey cakey.pem -out identity.p12 -name "mykey"
Enter pass phrase for cakey.pem:
Enter Export Password:
Verifying - Enter Export Password:

The above command generates a file, identity.p12, with the alias, mykey. Now, we can configure the HTTPS Connector.

Configure HTTPS Connector

The XML configuration will look like the following code block:

<http:listener-connection protocol="HTTPS" host="0.0.0.0" port="443"> <tls:context> <tls:key-store type="pkcs12" path="identity.p12" alias="mykey" keypassword="gary" password="gary"> </tls:key-store></tls:context>
</http:listener-connection>

The following snapshots show the procedures using Anypoint Studio:Anypoint Studio

Anypoint Studio

HTTP Listener configuration

HTTP Listener configuration

Invoke the Service

To test the service, we can use the following curl command:

$ curl -k -XGET https://localhost/helloworld % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed100 100 31 100 31 0 0 31 0 0:00:01 0:00:01 --:--:-- 29 { "message": "Hello, World" }

Note -k option is to tell curl to accepted self-signed certificates.

This UrIoTNews article is syndicated fromDzone