cd /opt/anypoint/runtimefabric ./rtfctl update ./rtfctl test outbound-network --mutual-tls-check
Configuring Mutual Authentication with Anypoint Platform
Mutual authentication for connectivity between Runtime Fabric and the Anypoint Platform control plane is enabled by default for Runtime Fabric versions 1.6.45 and later. The following instructions to enable mutual authentication apply only to those versions earlier than 1.6.45. |
Mutual authentication improves the security of communication between Runtime Fabric and Anypoint Platform and is highly recommended.
For Runtime Fabric versions earlier than 1.6.45, enable mutual authentication using the Runtime Fabric API. For Runtime Fabric versions 1.3.60 and later, use Runtime Manager to enable it.
Before You Begin
Before enabling mutual authentication, verify the following endpoint and port are reachable from all Runtime Fabric controller and worker nodes:
-
US control plane:
-
configuration-resolver.prod.cloudhub.io:443
-
-
EU control plane:
-
configuration-resolver.prod-eu.msap.io:443
-
Failure to meet these requirements before enabling mutual authentication results in errors with creating and managing application deployments on Runtime Fabric.
You can use the latest version of the rtfctl utility to validate that all required endpoints are reachable from each Runtime Fabric controller node:
Enable Mutual Authentication from Runtime Manager
-
From Runtime Manager, select the appropriate environment and click Runtime Fabrics.
-
Select a Runtime Fabric.
-
For Enable mutual authentication with Anypoint Platform connectivity, set the toggle to On.
Enable Mutual Authentication using the Runtime Fabric API
From a Runtime Fabric workstation, run the following cURL command:
curl --location --request PATCH 'https://[eu1]anypoint.mulesoft.com/runtimefabric/api/organizations/<ORG-ID>/fabrics/<RUNTIME-FABRIC-ID>' --header 'Content-Type: application/json' --header 'Authorization: Bearer <TOKEN>' --data-raw '{"features": {"enhancedSecurity": true}}'
Replace these placeholders with your unique values:
-
<ORG-ID>
-
<RUNTIME-FABRIC-ID>
-
<TOKEN>