In this lab, we’re going to create a simple mule app and we’ll configure the http listener to accept requests on https. We’ll learn how to make our app use our own certificate for the TLS connection. In this lab, we’ll only deploy the app locally, to our Anypoint Studio, but in future posts, we’ll use this app to deploy it to different deployment options and see how last mile security works.
Let’s dive in!
Create a New Project
- First, let’s just create a simple Hello World application. Create a New Project and drag and drop to the canvas an HTTP Listener and a Set Payload processors.
- Let’s leave for now the configuration of the HTTP listener, we’ll do that later
- For the Set Payload processor just add a Hello message in the Value field
Create a self-signed certificate
For the purpose of the lab we’ll be using a self-signed certificate but remember, self-signed certificates are never recommended for Production environments.We’ll be using openssl to create our self-sign certificate. If you’re not familiar with openssl check out these two posts for a quick start:
openssl genrsa -out mule.key 2048
Next, we’ll create a certificate signing request (CSR) using our mule.key as input. The output
will be the mule.csr fileopenssl req -key mule.key -new -out mule.csr
Create the self-signed certificate with the private key and the csropenssl x509 -signkey mule.key -in mule.csr -req -days 365 -out mule.crt
Create key store. We’ll create it in pfx format. The result will be the
mule_keystore.p12 file.openssl pkcs12 -export -in mule.crt -inkey mule.key -out mule_keystore.p12
The mule_keystore.p12 file will contain:- The private key
- The self-signed certificate (which includes the public key)
openssl pkcs12 -info -in mule_keystore.p12
Or we can use a tool like Keystore Explorer.
Add the Key Store to our Mule App
Now, let’s get back to Anypoint Studio and we’ll add the keystore to our Mule project, within the src/main/resources folder. In the package explorer, right-click on the src/main/resources folder of our project and select Show In > System Explorer. That should open a explorer window at the main folder of our project.
Create a new folder under resources, we’ll call it keystore and paste our
keystore inside that folder. To verify that, go back to studio and
right click again on the src/main/resources > Refresh. We should
see now our keystore folder and keystore inside our mule project.
HTTP Listener Configuration
- Go to the Studio canvas and click on the Listener processor.
- From the properties of the Listener we’ll now create a new Connector Configuration. For that click on the green plus icon
- In the general tab
- Change the protocol to HTTP
- Port:
- For Cloudhub 1.0 we need to use port 8082
- For Cloudhub 2.0 we need to use port 8081 (we’ll use 8081 in this example)
- Click on the TLS tab and change to Edit Inline in the TLS Configuration dropdown
- In here we need to add our keystore (trustore is only used for mTLS).
- In the key store configuration, specify the following values
- Type - PKCS12
- path - type the keystore folder and the name of our keystore file. (here, src/main/resources is considered the root of this path)
- In Key Password and Password provide the password we used for our keystore
- Test the connection
Test the app in Anypoint Studio
- Save and run the project.
- Once it is deployed open Postman or any REST client to test it and send a request to https://localhost:8081/hello (change the port number if you used another port for your listener)
- You can also check that http://localhost:8081/hello does not work
- In Postman you should see a 200 response code, the Hello message and also the details of our self-signed certificate