One Way SSL for MuleSoft Application | API Security
Вставка
- Опубліковано 29 сер 2024
- This video will tell how you can enable one way ssl for mulesoft applications.
It will also explain what is keystore and truststore. How to generate keystore and truststore using java keytool, How to configure mulespft HTTP Listener and Requestor to enable secure communication.
dzone.com/arti...
Great Explanation...Guys, I swear if you are looking out for any knowledge on one way SSL ..This is by far the best video I have ever come across. watch it and you know why I said its best. Thank you Jitendra
Dinesh Kumar Thank You 😊 for great comment.
@@muletechnologyacademy-zero5625 it's my pleasure. I gained good knowledge
You make life so easy with these bful videos,,, I have not seen any simpler video on SSL than this,,, Thanks Jitendra,,,,,
Nidhi Sharma Thanks
Great tutorial on this. For 3 days I was trying to figure out why I was getting SSL error and your video fixed my issues. Thanks a lot
Great Video
Jitendra....you've done it again! thanks so much for these great videos that help me along my learning journey!
Thank You
Thank you Jitendra for the explanation.
Welcome
Very useful video!!!! Thank you Jitendra
Thanks
Nice work. Thanks!
Thanks for the video Jitendra but neither you or anyone mentioned those commands in the comment section
aditya v I can see commands in comment section
@@muletechnologyacademy-zero5625 will this work in mule 3.9 runtime. I have done the same and its getting deployed but after hitting the url its saying Error sending HTTP request to localhost:8082/test.
Thank you!
Great bro.. please do I video on security filter and authorisation filter. Thanks
Thanks bro..
Great , thanks
Pavan Singh Welcome
Hi JB.. Thanks for taking time to provide this great explanation. Can you able to share the contents in Two-WaySSL text document to try it out ourself. Thanks much.
dzone.com/articles/implementing-one-way-and-two-way-ssl-mutual-authen
Excellent video @Jitendra bafna
Can you please share these commands...i am not able to see in this comments section.
dzone.com/articles/implementing-one-way-and-two-way-ssl-mutual-authen
For every request, client verifies particular server certificates every time, or this is required for first time to establish secure connection.
I need to test with a system which doesnt support self-signed certificate. how do i get certificate by CA for development. Any free sites which i can use
Generate Server Keystore
keytool -genkey -alias mule-server -keyalg RSA -keystore server-keystore.jks
Extract Public Key from Server Keystore
keytool -export -alias mule-server -keystore server-keystore.jks -file server_trust.crt
Generate Client Truststore
keytool -import -alias mule-server -keystore client-truststore.jks -file server_trust.crt
HI Jitendra,
What if we deploy this application in cloudhub? Do we need to keep these jks files under resources itself?
or we need to follow some shared location so that any other API's also can make use of the same JKS file if required.
Thanks,
Bharath
Bharath Kumar Partal yes. Just export and deploy cloudhub. Keep file in resources folder only
@@muletechnologyacademy-zero5625 sure thank you so much
Hello Bharath, you can also keep them in common location so that other apps can share. E.g. we usually use security folder inside jdk installation directory as truststore. Then from mule app you can just refer to that location. If you keep the jks inside resources, it will be visible only to that particular app. Hope this helps.
@@subhra07 There is no concept of common location when you deploy application to cloudhub. You need to have seperate truststore and keystore for every application deployed in cloudhub. For on premise you can use domain project or common location to keep your keystore and truststore which can be shared across application.
@@muletechnologyacademy-zero5625 Agree. Common location for truststore/keystore is applicable for on prem/hybrid environment.
HI Jitendra. I am getting Invalid keystore format.
Hi Jitendra, could you please share the Keystool comments.Thanks in Advance.
You can find in comment section.
@@muletechnologyacademy-zero5625 Actualy, there isn't any command in comment section.
Hi Jitendra when I use host as 0.0.0.0 in requester configuration its not working and getting general SSL engine problem, can you just tell what is the procedure to follow for the host if it is 0.0.0.0
A question:
While requesting the endpoint in second case, u used TLS config - edit inline , added trust store n send the request which gave u the response back; would I get the response if I select TLS config edit inline , check insecure algorithm n do not put the trust store??
Yes, you will get response .But setting the 'insecure' property to 'true' renders connections vulnerable to attacks. Its use is only recommended for prototyping and testing purposes.
@@nimmalapraveen9353 yeah see your point 👍..thanks for this!
dzone.com/articles/implementing-one-way-and-two-way-ssl-mutual-authen
can we give different password for generating server-keystore and client-trust-store ?
Yes you can have different password. Make sure while configuring tls on http listener or requestor, you give correct password.
Hi Jitendra
HTTPS connection is taking very long time to respond, I am always getting connecting time out exceeds even though time out increased.
Https will never take that much time. Please make sure 443 is not blocked on your machine. Generally 443 is always enabled.
Hi Jitendra, I followed same steps but it isn't working for me, still getting SSL engine error. I am using open jdk 8, could that be an issue??
Hi Jitendra, If I skip prompts like organization name, country, province then that keystore and truststore are working, but If I give some dummy values it's failing. Looks like jks is smart enough to identify dummy values, is that correct??
Yes. Please provide name as localhost. Then it will work otherwise you will get ssl error
I am still getting same error : failed: General SSLEngine problem.
You need to select firstname and lastname as localhost
I followed the same but i am getting same Genearal SSLEngine problem.
Make sure while creating certificate firstname and lastnane must be localhost
@@muletechnologyacademy-zero5625 Tq Sir Now it is working fine.