Nav

Building an HTTPS Service

logo cloud active logo hybrid disabled logo server disabled logo pcf disabled

CloudHub supports building HTTPS/SSL based services so you can be ensured of your data confidentiality. It is very easy to configure your service to support SSL.

The configuration steps shown in this document are meant for deploying your app to CloudHub. If you instead intend to deploy your app locally, see TLS Configuration. See Deployment Strategies for a closer look at how the configuration should differ between each deployment scenario.

This tutorial builds on existing tutorials, so to begin, build a service using the Deploy to CloudHub tutorial.

You can now modify your existing service to use HTTPS as detailed in the following steps.

First, if you don’t have a keystore for your service, generate a new keystore. You can do this using the command line and the keytool utility from the JDK.

To generate a self signed certificate now you must specify the hostname in your command, the property 'SAN=DNS:localhost,IP:127.0.0.1' is key in the example below

       
    
1
keytool -genkeypair -keystore keystore.jks   -dname "CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown"  -keypass password  -storepass password  -keyalg DSA  -sigalg SHA1withDSA  -keysize 1024  -alias mule  -ext SAN=DNS:localhost,IP:127.0.0.1 -validity 9999

This command creates a file named keystore.jks. Before proceeding, verify that this file exists and appears in the folder src/main/resources.

Next, configure an HTTPS connector inside your Mule configuration:


       
    
1
2
3
4
5
6
7
8
9
10
11
12
13
14
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns:https="http://www.mulesoft.org/schema/mule/https" xmlns:http="http://www.mulesoft.org/schema/mule/http" xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
    xmlns:spring="http://www.springframework.org/schema/beans" version="EE-3.6.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/https http://www.mulesoft.org/schema/mule/https/current/mule-https.xsd">
    <http:listener-config name="HTTPS_Listener_Configuration" protocol="HTTPS" host="0.0.0.0" port="${https.port}" doc:name="HTTP Listener Configuration">
        <tls:context>
            <tls:key-store path="keystore.jks" password="password" keyPassword="${keystore.password}"/>
        </tls:context>
    </http:listener-config>
...

Finally, configure any host IP addresses you want to use HTTPS on with the HTTPS scheme and the ${https.port} variable for the port. Make sure to include a reference to the HTTPS global connector configuration. For example:


       
    
1
<http:listener config-ref="HTTPS_Listener_Configuration" path="hello" doc:name="HTTP"/>

To make HTTP requests to external addresses, use an HTTP Request element instead of the listener, and set up its correspoinding congiguration element similarly with a TLS child element.


       
    
1
2
3
4
5
6
7
8
9
10
 <http:request-config name="https.request" protocol="HTTPS" host="0.0.0.0" port="${https.port}" doc:name="HTTP Request Configuration">
        <tls:context>
            <tls:key-store path="keystore.jks" password="password" keyPassword="${keystore.password}"/>
        </tls:context>
    </http:listener-config>

...

  <http:request config-ref="https.request" path="some-path" doc:name="HTTPs out" method="GET" followRedirects="true" parseResponse="false"/>
...
These same configurations can all be easily achieved through the Anypoint Studio UI. For instructions on how that is done, and for more in depth configuration details, see the HTTP Connector documentation.

Your application is now ready to be deployed on CloudHub. You can access your endpoint via the normal HTTPS address, for example: https://yourdomain.cloudhub.io.