How to create an HTTPS endpoint for your Mule App



In this lab, we’re going to create a simple Mule app and configure the HTTP Listener to accept requests over HTTPS. We’ll learn how to make our app use our own certificate for the TLS connection. We’ll only deploy the app locally, in Anypoint Studio, but in future posts we’ll deploy this app to different deployment options and see how last-mile security works.
Let’s dive in!

Create a New Project

  • First, let’s just create a simple Hello World application. Create a New Project and drag and drop an HTTP Listener and a Set Payload processor onto the canvas.
  • Let’s leave the configuration of the HTTP Listener for now; we’ll do that later.
  • For the Set Payload processor, just add a Hello message in the Value field.

Create a self-signed certificate

For the purpose of the lab we’ll be using a self-signed certificate, but remember: self-signed certificates are never recommended for production environments.

We’ll be using openssl to create our self-signed certificate. If you’re not familiar with openssl check out these two posts for a quick start:

First we’ll create a private key. Let’s create a 2048-bit RSA private key. It will prompt us for a password; generate your own password and write it down, as we’ll use it later in our HTTP Listener. Our private key will be stored in the mule.key file.
    openssl genrsa -out mule.key 2048
Next, we’ll create a certificate signing request (CSR) using our mule.key as input. The output will be the mule.csr file.
    openssl req -key mule.key -new -out mule.csr
Create the self-signed certificate with the private key and the CSR:
    openssl x509 -signkey mule.key -in mule.csr -req -days 365 -out mule.crt
Create the key store. We’ll create it in PFX (PKCS#12) format. The command asks for an export password, which protects the keystore file. The result will be the mule_keystore.p12 file.
    openssl pkcs12 -export -in mule.crt -inkey mule.key -out mule_keystore.p12
The mule_keystore.p12 file will contain:
  • The private key
  • The self-signed certificate (which includes the public key)
We can verify the contents of our keystore with the following command:
    openssl pkcs12 -info -in mule_keystore.p12
Or we can use a tool like Keystore Explorer.
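
The same steps as a non-interactive script, followed by a check that the keystore opens with the chosen password and that its certificate matches mule.key. This is an added example, not part of the original post; the function names, the CN=localhost subject and the KS_PASS variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, the
# CN=localhost subject and the KS_PASS variable are assumptions.

# make_keystore <dir> <keystore-password>
make_keystore() {
    dir=$1
    pass=$2
    (
        cd "$dir" || exit 1
        umask 077   # new key material is readable by the owner only
        # The password travels via the environment (env:KS_PASS), so it
        # does not show up in the process list the way pass:... would.
        openssl genrsa -out mule.key 2048 &&
        openssl req -key mule.key -new -subj "/CN=localhost" -out mule.csr &&
        openssl x509 -signkey mule.key -in mule.csr -req -days 365 -out mule.crt &&
        KS_PASS=$pass openssl pkcs12 -export -in mule.crt -inkey mule.key \
            -out mule_keystore.p12 -passout env:KS_PASS
    )
}

# check_keystore <dir> <keystore-password>
# Succeeds only if the keystore opens with the password, its certificate
# carries the public key of mule.key, and the certificate is valid for
# at least another 24 hours.
check_keystore() {
    dir=$1
    pass=$2
    ks_pub=$(KS_PASS=$pass openssl pkcs12 -in "$dir/mule_keystore.p12" \
                 -nokeys -passin env:KS_PASS 2>/dev/null |
             openssl x509 -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$dir/mule.key" -pubout 2>/dev/null) || return 1
    [ -n "$ks_pub" ] && [ "$ks_pub" = "$key_pub" ] || return 1
    openssl x509 -in "$dir/mule.crt" -noout -checkend 86400 >/dev/null || return 1
}

# Run as: sh make_keystore.sh <dir> <keystore-password>
if [ "$#" -eq 2 ]; then
    make_keystore "$1" "$2" && check_keystore "$1" "$2" && echo "keystore OK"
fi
```

A failing check before the keystore is copied into the project is easier to diagnose than a TLS error from the listener at deploy time.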

Add the Key Store to our Mule App

Now, let’s get back to Anypoint Studio and add the keystore to our Mule project, within the src/main/resources folder. In the Package Explorer, right-click on the src/main/resources folder of our project and select Show In > System Explorer. That should open an explorer window at the main folder of our project.


Create a new folder under resources, which we’ll call keystore, and paste our keystore inside that folder. To verify that, go back to Studio, right-click again on src/main/resources and select Refresh. We should now see our keystore folder and keystore inside our Mule project.


HTTP Listener Configuration

  • Go to the Studio canvas and click on the Listener processor.
  • From the properties of the Listener we’ll now create a new Connector Configuration. For that, click on the green plus icon.
  • In the General tab
    • Change the protocol to HTTPS
    • Port:
      • For CloudHub 1.0 we need to use port 8082
      • For CloudHub 2.0 we need to use port 8081 (we’ll use 8081 in this example)
  • Click on the TLS tab and change to Edit Inline in the TLS Configuration dropdown
  • Here we need to add our keystore (the truststore is only used for mTLS).
  • In the key store configuration, specify the following values
    • Type - PKCS12
    • Path - type the keystore folder and the name of our keystore file (here, src/main/resources is considered the root of this path)
    • In Key Password and Password, provide the password we used for our keystore
  • Test the connection

Test the app in Anypoint Studio

  • Save and run the project.
  • Once it is deployed, open Postman or any REST client and send a request to https://localhost:8081/hello (change the port number if you used another port for your listener)
  • You can also check that http://localhost:8081/hello does not work
  • In Postman you should see a 200 response code, the Hello message and also the details of our self-signed certificate