Configure Security for Anypoint Platform PCE
To use Anypoint Platform, you must provide TLS credentials. You can upload a certificate through the Anypoint Platform UI using access management, and configure Anypoint Platform to use this certificate to ensure secure communication within the platform. This certificate must be trusted by every machine connected to the platform, including Mule runtime engines. You can also provide a custom cipher and DH groups for the key exchange method, if required.
When you replace or change the certificate, Anypoint Platform restarts the nginx server.
-
Create a certificate.
You can use a tool like OpenSSL to create your certificate. To work with Anypoint Platform, your certificate must be in an
nginxcompatible format. The certificate must contain the domain name of your installation as the CN (Common Name) and as the SAN (Subject Alternative Name). -
From Anypoint Platform, select Access Management.
-
In the left navigation bar, select Security.
-
In the Certificate field, select Browse to select the certificate on your local system.
-
In the Key field, select Browse to select the private key for your certificate.
-
For additional security, you can upload your own cipher and Diffie-Hellman group file.
Note that this step is optional.
-
Deselect Use default ciphers and DH Group.
-
Enter a set of ciphers from the list of valid NGINX ciphers. If you are using Open SSL, you can view this list by running the
openssl cipherscommand. The cipher you enter must be in annginxcompatible format as shown in the following example:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384
-
Generate
dhparam.pem(the Diffie-Hellman group file) using the followingopensslcommand:openssl dhparam 2048 -out dhparam.pem
-
Upload the
dhparam.pemfile from your system.
-