
Configure Security for Anypoint Platform PCE

To use Anypoint Platform, you must provide TLS credentials. You can upload a certificate through the Anypoint Platform UI using access management, and configure Anypoint Platform to use this certificate to ensure secure communication within the platform. This certificate must be trusted by every machine connected to the platform, including Mule runtime engines. You can also provide a custom cipher and DH groups for the key exchange method, if required.

When you replace or change the certificate, Anypoint Platform restarts the nginx server.

  1. Create a certificate.

    You can use a tool like OpenSSL to create your certificate. To work with Anypoint Platform, your certificate must be in an nginx-compatible format. The certificate must contain the domain name of your installation as the CN (Common Name) and as the SAN (Subject Alternative Name).

  2. From Anypoint Platform, select Access Management.

  3. In the left navigation bar, select Security.

  4. In the Certificate field, select Browse to select the certificate on your local system.

  5. In the Key field, select Browse to select the private key for your certificate.

  6. For additional security, you can upload your own cipher and Diffie-Hellman group file.

    Note that this step is optional.

    1. Deselect Use default ciphers and DH Group.

    2. Enter a set of ciphers from the list of valid NGINX ciphers. If you are using OpenSSL, you can view this list by running the openssl ciphers command. The ciphers you enter must be in an nginx-compatible format, as shown in the following example:

      ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384

    3. Generate dhparam.pem (the Diffie-Hellman group file) using the following openssl command:

      openssl dhparam -out dhparam.pem 2048

    4. Upload the dhparam.pem file from your system.
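
A pre-upload check for step 1, as an added example that is not part of the original documentation or MuleSoft's tooling: it confirms that the certificate is PEM, carries the installation's domain as both CN and SAN, and matches the private key selected in step 5. The function names, file names, and the domain pce.example.internal are hypothetical, and the sample pair it can generate is a constructed self-signed certificate for testing only.

```bash
#!/usr/bin/env bash
# Added example; function names and the sample domain are hypothetical.

# Build a constructed, self-signed sample pair with CN and SAN set to <domain>.
make_sample_cert() {  # usage: make_sample_cert <dir> <domain>
  local dir=$1 domain=$2
  cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $domain
[ext]
subjectAltName = DNS:$domain
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$dir/req.cnf" \
    -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# Return 0 only if the certificate is PEM, carries <domain> as CN and as a
# DNS SAN, and its public key matches the private key.
check_pce_cert() {  # usage: check_pce_cert <cert.pem> <key.pem> <domain>
  local cert=$1 key=$2 domain=$3 text subject san
  # openssl x509 reads PEM by default, so a DER or non-certificate file fails here.
  text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) ||
    { echo "FAIL: not a PEM certificate"; return 1; }
  subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253)
  subject=${subject#subject=}; subject=${subject# }
  case ",$subject," in
    *",CN=$domain,"*) ;;
    *) echo "FAIL: CN is not $domain"; return 1 ;;
  esac
  # The SAN values sit on the line after the extension name in -text output.
  san=$(printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' | tail -n1 | tr -d ' ')
  case ",$san," in
    *",DNS:$domain,"*) ;;
    *) echo "FAIL: SAN does not list DNS:$domain"; return 1 ;;
  esac
  # Compare public keys; -passin pass: makes an encrypted key fail instead of prompting.
  if [ "$(openssl x509 -in "$cert" -noout -pubkey)" != \
       "$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)" ]; then
    echo "FAIL: private key does not match certificate"; return 1
  fi
  echo "OK: $cert and $key are consistent for $domain"
}

# Stand-alone use: ./check.sh server.crt server.key pce.example.internal
if [ "$#" -eq 3 ]; then check_pce_cert "$@"; fi
```

The check covers format and naming only; the certificate must still be trusted by every machine connected to the platform, including Mule runtime engines.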