Implement One-Way SSL for MuleSoft APIs

Vandana K V
Another Integration Blog
Feb 24, 2024

What is an SSL Certificate?

SSL stands for Secure Sockets Layer, and it’s the technology that encrypts the communication between a web server and a browser. When a website uses SSL, a padlock icon appears in the browser’s address bar, and the website’s URL starts with “https://” instead of “http://”. This signals to visitors that their data is secure.

The Importance of SSL

Securing your website with SSL is not just a best practice — it’s essential for protecting your users’ data, building trust, and optimizing your site for search engine rankings. Here are the main benefits you’ll enjoy when you implement SSL on your site:

  1. Data Encryption: SSL encrypts the data between the web server and the browser. This means that even if someone intercepts the data, it remains unreadable.
  2. Data Integrity: SSL ensures that the data sent to and from the server is exactly as it should be and hasn’t been altered or tampered with.
  3. Trust Factor: When visitors see a lock icon in their browser, it instills a sense of trust.
  4. Authentication: SSL certificates are issued by trusted Certificate Authorities (CAs), which verify that you’re connecting to the legitimate website and not a fraudulent one.
  5. SEO Benefits: Search engines, like Google, prioritize websites with SSL certificates, potentially improving your site’s SEO ranking.

Types of SSL Authentication

One-way SSL authentication: The server application shares its public certificate with the client.

At the server end, a keystore holds the server's private key and public certificate, whereas at the client end, a truststore holds the server's public certificate.

  • The client sends a Hello and requests the resource over the secure HTTPS protocol.
  • The server responds with its Hello and its public certificate (.crt).
  • The client verifies the server's public certificate against its truststore.
  • The client sends back a symmetric session key encrypted with the public key from the server's certificate.
  • The server decrypts the symmetric session key using its private key and sends back the encrypted session key to the client to establish a secure connection.
One Way SSL Authentication

Two-way authentication: The client application verifies the identity of the server application, and then the server application verifies the identity of the client application. Two-way SSL is also known as Mutual Authentication.

At the server end, a keystore holds the server's private key and public certificate, and a truststore holds the client's public certificate. At the client end, a keystore holds the client's private key and public certificate, and a truststore holds the server's public certificate.

  • The client sends a Hello and requests the resource over the secure HTTPS protocol.
  • The server responds with its Hello and its public certificate (.crt).
  • The client verifies the server's public certificate against its truststore.
  • The client sends back a symmetric session key encrypted with the public key from the server's certificate.
  • The server decrypts the symmetric session key using its private key and requests the client certificate.
  • The client sends its public certificate to the server, and the server verifies it against the server truststore.
  • The server generates a session key, encrypts it with the public key from the client's certificate, and sends it to the client.
  • The client decrypts the session key using its private key, which completes the key exchange and establishes secure communication between client and server.
Two Way SSL Authentication

In this article, we will learn how to set up one-way SSL for MuleSoft applications.

Steps to Implement One Way SSL Authentication for MuleSoft Applications

Step 1 : Generate Server Keystore

Run the command below to generate the JKS keystore.

keytool -genkeypair -keystore server-keystore.jks -dname "CN=localhost, OU=Mulesoft, O=Podium, L=Lehi, ST=UT, C=US" -keypass password -storepass password -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -alias mulesoft-server -ext SAN=DNS:localhost,IP:127.0.0.1 -validity 9999

Here you pass the passwords, the key algorithm you want to use, and the key size; the alias is optional. The signature algorithm is set to SHA256withRSA because keytool flags certificates signed with SHA1withRSA as a security risk.

Once you run the command, you will find a file named server-keystore.jks in the directory you ran it from, for example “C:\Users\{username}”.

Step 2 : Export the Public Certificate from CloudHub

Take your API URL from Anypoint Platform and open it in any browser. Here it is the URL of erp-sys-api.

API URL in Browser

Now to the left of the URL there is a lock icon. Click on this icon and a window will pop up. From the window, select the certificate.

Certificates Pop-Ups

Once we select the certificate, another window opens. There, select the Details tab and click Copy to File. A new window will pop up; in that window, select Next.

Certificate Details Tab

After we perform all the above steps, a new window opens where we need to select the format for the certificate. Choose DER encoded binary and click Next.

Store the file in your desired folder with a proper name; let us name it mulesoft. Once you save it, you will get a message like “The export was successful.”

Step 3 : Import Cloudhub Server Certificate to create a Truststore

For importing the server public key into the client truststore, we will be using the below command.

keytool -import -file E:\cert\Pk\mulesoft.cer -alias mulesoft-server -keystore client-truststore.jks -trustcacerts

Enter a truststore password of your choice when prompted.

Now, we have generated the server Keystore and client truststore.

Step 4: Configuring MuleSoft HTTP Listener and Requester

Let’s see how we can configure Keystore and truststore on the MuleSoft application.

Now, we will configure the server keystore on the MuleSoft HTTP Listener. Under General Settings, the Protocol must be “HTTPS”. Make sure the server-keystore.jks and client-truststore.jks files generated in the above steps are copied into the folder src/main/resources.

The configuration below has to be added to the HTTP Listener component of your Mule application.

HTTPS in HTTP Listener Component

Now, we will perform the TLS Key Store configuration. Provide the keystore type, the keystore path, the keystore and key passwords, and the alias name.

TLS Context for Keystore

This is the configuration that needs to be done on the server-side.

Now, we will see the client-side configuration. For that, we will be using the MuleSoft HTTP requester. Provide the connection settings on the HTTP requester.

HTTPS in HTTP Requestor

Now, we will do the TLS configuration. Provide the client’s truststore path, password, type, etc.

TLS Context for HTTP Requestor
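
The Step 4 settings written as Mule 4 XML instead of Studio dialogs. This is an added example, not the author's configuration: the config and flow names, port 8082, the paths, and the ${...} property names (assumed to be defined in the application's properties file) are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns="http://www.mulesoft.org/schema/mule/core"
      xmlns:http="http://www.mulesoft.org/schema/mule/http"
      xmlns:tls="http://www.mulesoft.org/schema/mule/tls"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="
        http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
        http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
        http://www.mulesoft.org/schema/mule/tls http://www.mulesoft.org/schema/mule/tls/current/mule-tls.xsd">

  <!-- Server side: HTTPS listener presenting the key pair from Step 1.
       Port 8082 and the ${...} property names are assumptions. -->
  <http:listener-config name="HTTPS_Listener_config">
    <http:listener-connection host="0.0.0.0" port="8082" protocol="HTTPS">
      <tls:context>
        <!-- path is resolved from src/main/resources -->
        <tls:key-store type="jks" path="server-keystore.jks"
                       alias="mulesoft-server"
                       keyPassword="${tls.key.password}"
                       password="${tls.keystore.password}"/>
      </tls:context>
    </http:listener-connection>
  </http:listener-config>

  <!-- Client side: requester that trusts only what is in the truststore from Step 3.
       Leave insecure at its default (false); insecure="true" skips certificate
       validation and removes the server authentication that one-way SSL provides. -->
  <http:request-config name="HTTPS_Request_config">
    <http:request-connection protocol="HTTPS" host="${erp.api.host}" port="443">
      <tls:context>
        <tls:trust-store type="jks" path="client-truststore.jks"
                         password="${tls.truststore.password}"/>
      </tls:context>
    </http:request-connection>
  </http:request-config>

  <!-- Flow exposed over HTTPS that calls the CloudHub-hosted API over HTTPS. -->
  <flow name="one-way-ssl-demo-flow">
    <http:listener config-ref="HTTPS_Listener_config" path="/erp"/>
    <http:request method="GET" config-ref="HTTPS_Request_config" path="/"/>
  </flow>
</mule>
```

Keeping the passwords in properties rather than inline keeps them out of the flow XML that is committed to source control.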
