Wednesday, December 12, 2012

MuleSoft - Building the JKS for the HTTPS Services for ESB Standalone

After following the instructions at https://docs.mulesoft.com/cloudhub/building-an-https-service to build a sample hello application, we need to replace the JKS file. Follow the steps below:

1) Generate an RSA private key, encrypted with AES-256
openssl genrsa -aes256 -out server.key 1024
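2) Generate a Certificate Request for CA (because -x509 is given, openssl writes a self-signed certificate into server.csr rather than a request; step 3 re-signs it)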
openssl req -x509 -sha256 -new -key server.key -out server.csr
Enter pass phrase for server.key: <ENTER_YOUR_PASSWORD_YOU'VE_CREATED on STEP 1>
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:<ENTER THE COUNTRY 2 LETTER CODE e.g. US>
State or Province Name (full name) [Some-State]:<ENTER YOUR STATE IN FULL e.g. KANSAS>
Locality Name (eg, city) []:<ENTER YOUR CITY e.g. KANSAS CITY>
Organization Name (eg, company) [Internet Widgits Pty Ltd]:<ENTER YOUR COMPANY NAME e.g. MyCompany>
Organizational Unit Name (eg, section) []:<ENTER YOUR DEPARTMENT e.g. Research>
Common Name (e.g. server FQDN or YOUR name) []:<ENTER YOUR DOMAIN NAME e.g. www.mywebsite.com or localhost>
Email Address []:<LEAVE IT BLANK just PRESS ENTER>

3) Generate a self-signed certificate that expires after 360 days
openssl x509 -sha256 -days 360 -in server.csr -signkey server.key -out selfsigned.crt
Getting Private key
Enter pass phrase for server.key:<ENTER_YOUR_PASSWORD_YOU'VE CREATED on STEP 1>

4) Create PKCS12 keystore from private key and public certificate
openssl pkcs12 -export -name servercert -in selfsigned.crt -inkey server.key -out keystore.p12
Enter pass phrase for server.key:
Enter Export Password:
Verifying - Enter Export Password:

5) Convert the PKCS12 keystore into a JKS keystore
keytool -importkeystore -destkeystore keystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias servercert
Enter destination keystore password:  
Re-enter new password: 
Enter source keystore password:  

6) Verify the content of the JKS
keytool -list -v -keystore keystore.jks
Enter keystore password:  

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: servercert
Creation date: Mar 15, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: O=Internet Widgits Pty Ltd, ST=Some-State, C=US
Issuer: O=Internet Widgits Pty Ltd, ST=Some-State, C=US
Serial number: a829076439b2c11f
Valid from: Tue Mar 15 08:31:22 CDT 2016 until: Fri Mar 10 07:31:22 CST 2017
Certificate fingerprints:
MD5:  0B:F0:2C:64:86:50:80:29:3F:41:09:80:9C:F0:FF:CA
SHA1: 8C:26:4A:4B:FA:55:49:B7:4E:FE:33:13:90:AA:6F:15:B7:A3:E6:DE
SHA256: BB:B2:7C:A2:A8:EF:F5:AE:E8:F1:2D:13:15:ED:46:F5:16:21:AF:18:9D:74:A0:AA:BE:2A:D2:55:68:27:68:D5
Signature algorithm name: SHA256withRSA
Version: 3

Extensions: 

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2B C6 1B 1C 65 24 F4 95   F2 46 E0 1F 07 94 B8 C9  +...e$...F......
0010: F4 25 F0 1C                                        .%..
]
[O=Internet Widgits Pty Ltd, ST=Some-State, C=US]
SerialNumber: [    a8290764 39b2c11f]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2B C6 1B 1C 65 24 F4 95   F2 46 E0 1F 07 94 B8 C9  +...e$...F......
0010: F4 25 F0 1C                                        .%..
]
]
*******************************************

7) Copy the keystore.jks file to MuleSoft Project /<PROJECT>/src/main/resources

8) Run the application and open https://<IP>:<PORT> in a browser
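
A prompt-free version of steps 1 to 4, followed by checks to run on keystore.p12 before the keytool import in step 5. This is an added example, not part of the original post. The passphrases, the subject and the 2048-bit key size (used instead of the 1024 bits in step 1, which is below the current minimum recommended for RSA) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed assumptions:
# both passphrases, the subject and the 2048-bit key size.
: "${KEY_PASS:=constructed-key-pass}" "${STORE_PASS:=constructed-store-pass}"
export KEY_PASS STORE_PASS

build_p12() {  # $1 = output directory; steps 1-4 without prompts
    # env: keeps passphrases out of argv, where `ps` would expose them
    openssl genrsa -aes256 -passout env:KEY_PASS -out "$1/server.key" 2048 2>/dev/null &&
    # with -x509, "req" writes a self-signed certificate, not a request
    openssl req -x509 -sha256 -new -days 360 -key "$1/server.key" \
        -passin env:KEY_PASS -subj "/C=US/O=MyCompany/CN=localhost" \
        -out "$1/selfsigned.crt" &&
    openssl pkcs12 -export -name servercert -in "$1/selfsigned.crt" \
        -inkey "$1/server.key" -passin env:KEY_PASS \
        -passout env:STORE_PASS -out "$1/keystore.p12"
}

check_p12() {  # $1 = directory; prints "ok" or the first failed check
    cert=$(openssl pkcs12 -in "$1/keystore.p12" -passin env:STORE_PASS \
        -nokeys 2>/dev/null) || { echo "cannot open keystore.p12"; return 1; }
    # The certificate and server.key must carry the same public key
    from_cert=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey)
    from_key=$(openssl pkey -in "$1/server.key" -passin env:KEY_PASS -pubout 2>/dev/null)
    [ -n "$from_key" ] && [ "$from_cert" = "$from_key" ] ||
        { echo "certificate does not match server.key"; return 1; }
    bits=$(printf '%s\n' "$cert" | openssl x509 -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || { echo "weak key: ${bits:-?} bits"; return 1; }
    # -checkend N fails when the certificate expires within N seconds
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 2592000 >/dev/null ||
        { echo "certificate expires within 30 days"; return 1; }
    echo ok
}
```

Call build_p12 with an empty working directory, then check_p12 on the same directory; continue with step 5 only when it prints ok.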
