Salesforce CDP - Additional Configuration Information - Mule 4

Configure Anypoint Connector for Salesforce CDP (Salesforce CDP Connector) to generate an OAuth 2.0 keystore file.

Generate a Keystore File

Salesforce CDP Connector uses the Bouncy Castle cryptographic library to load the certificate from the keystore and sign the payload for the authentication requests.

The library has a vulnerability (CVE-2018-5382) that relates to the BKS-V1 keystore file type. By default, Salesforce CDP Connector uses JKS or PKCS12 keystores. Avoid using BKS-V1 keystore files, as documented in the Bouncy Castle proposed solution.

To generate a JKS keystore file:

  1. Go to your Mule workspace and open the command prompt (for Windows) or Terminal (for Mac).

  2. Enter this command:

    keytool -genkeypair -alias salesforce-cert -keyalg RSA -keystore salesforce-cert.jks
  3. Enter the following information:

    • Password for the keystore

    • Your first name and last name

    • Your organization unit

    • Your city and state, and the two-letter code for your country

      The system generates a Java keystore file (JKS format) that contains a private or public key pair in your workspace.

  4. Provide the file path for the keystore in your connector configuration.

    Enter this command:

    keytool -exportcert -alias salesforce-cert -file salesforce-cert.crt -keystore salesforce-cert.jks

    The system exports the public key from the keystore into the workspace. This is the public key to enter in your Salesforce instance.

  5. Verify that you have both the keystore (salesforce-cert.jks) and the public key (salesforce-cert.crt) files in your workspace.

Next Step

After you complete configuring the connector, you can try the Examples.