Easy steps to integrate 2-way SSL into your MuleSoft application
Six easy steps to configure 2-way SSL:
Note: The hostname or IP address must match exactly for the SSL certificate to be valid.
Step 1: Generate the server key pair and self-signed certificate in the server keystore.
keytool -noprompt -validity 365 -genkey -v -alias server -keyalg RSA -keystore ../ssl/server.keystore -dname "CN=org.api360.apps.ssl,OU=IT,O=arnado,L=KS,ST=Manila,c=cn" -storepass password123 -keypass password123
Step 2: Generate the client key pair and self-signed certificate in a PKCS12 keystore.
keytool -noprompt -validity 365 -genkeypair -v -alias client -keyalg RSA -storetype PKCS12 -keystore ../ssl/client.p12 -dname "CN=clientCN,OU=clientOU,O=arnado,L=devLaptop,ST=Manila,c=cn" -storepass password123 -keypass password123
Step 3: Export the client certificate.
keytool -noprompt -export -v -alias client -keystore ../ssl/client.p12 -storetype PKCS12 -storepass password123 -rfc -file ../ssl/client.cer
Step 4: Export the server certificate.
keytool -noprompt -export -v -alias server -keystore ../ssl/server.keystore -storepass password123 -rfc -file ../ssl/server.cer
Step 5: Import the server certificate into the client truststore.
keytool -noprompt -import -v -alias server -file ../ssl/server.cer -keystore ../ssl/client.truststore -storepass password123
Step 6: Import the client certificate into the server keystore.
keytool -noprompt -import -v -alias client -file ../ssl/client.cer -keystore ../ssl/server.keystore -storepass password123
I've run the steps and provided the expected (or similar) output below, using the console on macOS:
Step 1
keytool -noprompt -validity 365 -genkey -v -alias server -keyalg RSA -keystore ../ssl/server.keystore -dname "CN=org.api360.apps.ssl,OU=IT,O=arnado,L=KS,ST=Manila,c=cn" -storepass pA5sw0rd2018 -keypass pAs5w0rd2018
---
Output:
---
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 365 days
for: CN=org.api360.apps.ssl, OU=IT, O=arnado, L=KS, ST=Manila, C=cn
[Storing ../ssl/server.keystore]
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore ../ssl/server.keystore -destkeystore ../ssl/server.keystore -deststoretype pkcs12".
---
Step 2
keytool -noprompt -validity 365 -genkeypair -v -alias client -keyalg RSA -storetype PKCS12 -keystore ../ssl/client.p12 -dname "CN=cnClient,OU=ouClient,O=arnado,L=VirtualDev,ST=Manila,c=cn" -storepass pA5sw0rd2018 -keypass pAs5w0rd2018
---
Output
---
Warning: Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified -keypass value.
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 365 days
for: CN=cnClient, OU=ouClient, O=arnado, L=VirtualDev, ST=Manila, C=cn
[Storing ../ssl/client.p12]
---
Step 3
keytool -noprompt -export -v -alias client -keystore ../ssl/client.p12 -storetype PKCS12 -storepass pA5sw0rd2018 -rfc -file ../ssl/client.cer
---
Output
---
Certificate stored in file <../ssl/client.cer>
---
Step 4
keytool -noprompt -export -v -alias server -keystore ../ssl/server.keystore -storepass pA5sw0rd2018 -rfc -file ../ssl/server.cer
---
Output
---
Certificate stored in file <../ssl/server.cer>
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore ../ssl/server.keystore -destkeystore ../ssl/server.keystore -deststoretype pkcs12".
---
Step 5
keytool -noprompt -import -v -alias server -file ../ssl/server.cer -keystore ../ssl/client.truststore -storepass pA5sw0rd2018
---
Output
---
Certificate was added to keystore
[Storing ../ssl/client.truststore]
---
Step 6
keytool -noprompt -import -v -alias client -file ../ssl/client.cer -keystore ../ssl/server.keystore -storepass pA5sw0rd2018
---
Output
---
Certificate was added to keystore
[Storing ../ssl/server.keystore]
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore ../ssl/server.keystore -destkeystore ../ssl/server.keystore -deststoretype pkcs12".
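
A check that the six steps produced the intended trust relationship, as an added example that is not part of the original post: it parses `keytool -list` output and confirms that each side holds its own private key and the other side's certificate, with matching fingerprints. The function names and the SSL_DIR and STOREPASS variables are assumptions; the file names and aliases are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: check the stores produced by steps 1-6 (not from the original post).
SSL_DIR="${SSL_DIR:-../ssl}"              # directory used in the page's commands
STOREPASS="${STOREPASS:-password123}"     # password from the step list; override as needed

# entry_info LISTING ALIAS: print "TYPE FINGERPRINT" for ALIAS from `keytool -list` text.
entry_info() {
  printf '%s\n' "$1" | awk -v a="$2" '
    found && /^Certificate fingerprint/ { sub(/^[^:]*: */, ""); print type, $0; exit }
    { n = split($0, f, /, */) }
    n >= 3 && f[1] == a { type = (f[n] == "" ? f[n-1] : f[n]); found = 1 }'
}

# expect LISTING ALIAS TYPE: succeed only if ALIAS exists with that entry type.
expect() {
  got=$(entry_info "$1" "$2"); got=${got%% *}
  [ "$got" = "$3" ] || { echo "FAIL: '$2' is '${got:-missing}', expected $3" >&2; return 1; }
}

# same_cert LISTING_A LISTING_B ALIAS: the alias has the same fingerprint in both stores.
same_cert() {
  a=$(entry_info "$1" "$3"); b=$(entry_info "$2" "$3")
  [ -n "$a" ] && [ "${a#* }" = "${b#* }" ]
}

# list_store FILE [extra keytool args]: force English output so the parser's patterns match.
list_store() {
  f=$1; shift
  keytool -J-Duser.language=en -list -keystore "$f" -storepass "$STOREPASS" "$@"
}

verify_2way() {
  srv=$(list_store "$SSL_DIR/server.keystore") || return 1
  cli=$(list_store "$SSL_DIR/client.p12" -storetype PKCS12) || return 1
  trs=$(list_store "$SSL_DIR/client.truststore") || return 1
  expect "$srv" server PrivateKeyEntry   && expect "$srv" client trustedCertEntry &&
  expect "$cli" client PrivateKeyEntry   && expect "$trs" server trustedCertEntry &&
  same_cert "$srv" "$cli" client         && same_cert "$srv" "$trs" server
}

# Run only where keytool and the stores exist.
if command -v keytool >/dev/null 2>&1 && [ -f "$SSL_DIR/server.keystore" ]; then
  verify_2way && echo "OK: each side holds its own key and trusts the other's certificate"
fi
```

A fingerprint mismatch on the client alias means the server keystore trusts a different certificate than the one the client will present, so the handshake would fail even though all six commands succeeded.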