Contact Us 1-800-596-4880

Configuring Mutual Authentication with Anypoint Platform

Mutual authentication for connectivity between Runtime Fabric and the Anypoint Platform control plane is enabled by default for Runtime Fabric versions 1.6.45 and later. The following instructions to enable mutual authentication apply only to those versions earlier than 1.6.45.

Mutual authentication improves the security of communication between Runtime Fabric and Anypoint Platform and is highly recommended.

For Runtime Fabric versions earlier than 1.6.45, enable mutual authentication using the Runtime Fabric API. For Runtime Fabric versions 1.3.60 and later, use Runtime Manager to enable it.

Before You Begin

Before enabling mutual authentication, verify the following endpoint and port are reachable from all Runtime Fabric controller and worker nodes:

  • US control plane:

    • configuration-resolver.prod.cloudhub.io:443

  • EU control plane:

    • configuration-resolver.prod-eu.msap.io:443

Failure to meet these requirements before enabling mutual authentication results in errors with creating and managing application deployments on Runtime Fabric.

You can use the latest version of the rtfctl utility to validate that all required endpoints are reachable from each Runtime Fabric controller node:

cd /opt/anypoint/runtimefabric
./rtfctl update
./rtfctl test outbound-network --mutual-tls-check

Enable Mutual Authentication from Runtime Manager

  1. From Runtime Manager, select the appropriate environment and click Runtime Fabrics.

  2. Select a Runtime Fabric.

  3. For Enable mutual authentication with Anypoint Platform connectivity, set the toggle to On.

Enable Mutual Authentication using the Runtime Fabric API

From a Runtime Fabric workstation, run the following cURL command:

curl --location --request PATCH 'https://[eu1]anypoint.mulesoft.com/runtimefabric/api/organizations/<ORG-ID>/fabrics/<RUNTIME-FABRIC-ID>' --header 'Content-Type: application/json' --header 'Authorization: Bearer <TOKEN>' --data-raw '{"features": {"enhancedSecurity": true}}'

Replace these placeholders with your unique values:

  • <ORG-ID>

  • <RUNTIME-FABRIC-ID>

  • <TOKEN>