Salesforce CDP - Additional Configuration Information - Mule 4
Configure Anypoint Connector for Salesforce CDP (Salesforce CDP Connector) to generate an OAuth 2.0 keystore file.
Generate a Keystore File
Salesforce CDP Connector uses the Bouncy Castle cryptographic library to load the certificate from the keystore and sign the payload for the authentication requests.
The library has a vulnerability (CVE-2018-5382) that relates to the BKS-V1 keystore file type. By default, Salesforce CDP Connector uses JKS or PKCS12 keystores. Avoid using BKS-V1 keystore files, as documented in the Bouncy Castle proposed solution.
To generate a JKS keystore file:
- Go to your Mule workspace and open the command prompt (for Windows) or Terminal (for Mac).
- Enter this command:
  keytool -genkeypair -alias salesforce-cert -keyalg RSA -keystore salesforce-cert.jks
- Enter the following information:
  - Password for the keystore
  - Your first name and last name
  - Your organizational unit
  - Your city and state, and the two-letter code for your country
  The system generates a Java keystore file (JKS format) that contains a private and public key pair in your workspace.
- Provide the file path for the keystore in your connector configuration.
- Enter this command:
  keytool -exportcert -alias salesforce-cert -file salesforce-cert.crt -keystore salesforce-cert.jks
  The system exports the public key from the keystore into the workspace. This is the public key to enter in your Salesforce instance.
- Verify that you have both the keystore (salesforce-cert.jks) and the public key (salesforce-cert.crt) files in your workspace.
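The following shell functions are an added example, not part of the original page or of MuleSoft's code. They extend the verification step above by reading a file's leading bytes and accepting it only if they match JKS or PKCS12, the two keystore types the page names, so a BKS-V1 file or any other format is rejected before it is configured. The function names and the 8-byte sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example (not MuleSoft code): accept a keystore only if its leading
# bytes match JKS or PKCS12, the two types the page names as defaults.

# Print the first 8 bytes of a file as lowercase hex without separators.
head_hex() {
    od -An -tx1 -N8 "$1" 2>/dev/null | tr -d ' \t\n'
}

# Print JKS, PKCS12 or UNKNOWN for the given file.
keystore_type() {
    case "$(head_hex "$1")" in
        # JKS: magic 0xFEEDFEED, then a 4-byte format version (1 or 2).
        feedfeed0000000[12]) echo JKS ;;
        # PKCS12 (PFX): DER SEQUENCE with 2-byte length, then INTEGER 3.
        3082????020103*) echo PKCS12 ;;
        # Same structure written with BER indefinite length.
        3080020103*) echo PKCS12 ;;
        *) echo UNKNOWN ;;
    esac
}

# Allowlist check: returns 0 for JKS or PKCS12, 1 for anything else, so a
# BKS-V1 file (or any other unexpected format) never reaches the connector.
check_keystore() {
    kt=$(keystore_type "$1")
    case "$kt" in
        JKS|PKCS12) echo "OK: $1 looks like $kt"; return 0 ;;
        *) echo "REJECT: $1 is not a JKS or PKCS12 keystore" >&2; return 1 ;;
    esac
}

# Dry run on constructed 8-byte headers (sample data, not real keystores).
demo=$(mktemp -d)
printf '\376\355\376\355\000\000\000\002' > "$demo/jks-header.bin"
printf '\060\202\012\106\002\001\003\060' > "$demo/p12-header.bin"
printf '\060\202\003\135\060\202\002\105' > "$demo/x509-der-header.bin"
printf '\000\000\000\001\000\000\000\024' > "$demo/unrecognised.bin"
for f in "$demo"/*.bin; do
    check_keystore "$f" || echo "  -> keep $f out of the connector configuration"
done
rm -rf "$demo"
```

On JDK 9 and later, keytool creates PKCS12 keystores by default unless -storetype JKS is given, so salesforce-cert.jks may be reported as PKCS12; the check accepts both types.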
Next Step
After you finish configuring the connector, you can try the Examples.