MuleSoft - SSL Certificate Configuration for CloudHub DLB

This article focuses on how to generate server.crt (the public certificate), root.crt and intermediate.crt, and on how to resolve the SSL "PKIX path building failed" error. That error occurs when the certificate attached to the DLB is a bare server.crt rather than a fullchain.crt, a single file that contains server.crt -> intermediate.crt -> root.crt in that sequence.


Step 1: Prepare Your Certificate Files

The following are needed:

Private Key: server.key (may also be named root.key or private.key), the key that matches the CA-signed certificate

Public Certificate: server.crt/public.crt

Intermediate Certificate Chain (if applicable): fullchain.crt (server.crt, intermediate.crt and root.crt, in that order)


If you have only the private key (server.key/root.key/private.key) and the public certificate (public.cert/server.crt), the steps below show how to generate root.crt and intermediate.crt from that key, so that you can build a certificate-chain.cert containing server.cert, intermediate.cert and root.cert.

If you have private.key (server.key), follow these steps:

Generate a self-signed root certificate using private.key or root.key:

openssl req -x509 -new -nodes -key root.key -sha256 -days 3650 -out root.crt

Generate intermediate certificate request
openssl req -new -key root.key -out intermediate.csr

Generate the intermediate certificate by signing the CSR with the root certificate and key
openssl x509 -req -in intermediate.csr -CA root.crt -CAkey root.key -CAcreateserial -out intermediate.crt -days 1825 -sha256

Validate a Certificate Chain

openssl verify -CAfile root.crt intermediate.crt

To verify a full chain including a server certificate:

openssl verify -CAfile root.crt -untrusted intermediate.crt server.crt
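
The check below is an added example, not part of the original post: it builds a throwaway root -> intermediate -> server chain as constructed sample input, then confirms that a bundle is ordered the way fullchain.crt is described above and that the private key matches its first certificate. The function names, file names and subject names are assumptions made for the demo; unlike the steps above, it gives the intermediate its own key and marks it CA:TRUE.

```shell
#!/usr/bin/env bash
# check_fullchain KEY BUNDLE: succeed only if the first cert matches KEY, each cert
# is issued by the one after it, and signatures verify up to the last (root) cert.
check_fullchain() (
  key=$1 bundle=$2 err=""
  d=$(mktemp -d) || exit 2
  # Split the bundle into one file per certificate, preserving file order.
  awk -v d="$d" '/BEGIN CERTIFICATE/{n++} n{print > (d "/c" n ".pem")}' "$bundle"
  n=$(ls "$d" | wc -l | tr -d ' ')
  [ "$n" -ge 2 ] || err="bundle holds fewer than 2 certificates"
  # 1. The public key derived from KEY must equal the one in the first cert.
  [ -n "$err" ] || [ "$(openssl pkey -in "$key" -pubout)" = \
    "$(openssl x509 -in "$d/c1.pem" -noout -pubkey)" ] || err="key does not match first cert"
  # 2. Order: the issuer of cert i must be the subject of cert i+1.
  i=1
  while [ -z "$err" ] && [ "$i" -lt "$n" ]; do
    iss=$(openssl x509 -in "$d/c$i.pem" -noout -issuer_hash)
    sub=$(openssl x509 -in "$d/c$((i + 1)).pem" -noout -subject_hash)
    [ "$iss" = "$sub" ] || err="cert $i is not issued by cert $((i + 1))"
    i=$((i + 1))
  done
  # 3. Signatures: 'openssl verify' ignores file order, which is why step 2 exists.
  [ -n "$err" ] || openssl verify -CAfile "$d/c$n.pem" -untrusted "$bundle" \
    "$d/c1.pem" >/dev/null 2>&1 || err="signatures do not verify"
  rm -rf "$d"
  [ -z "$err" ] || { echo "FAIL: $err" >&2; exit 1; }
  echo "OK: $n certificates in leaf -> root order"
)

# Constructed sample input: a throwaway chain written into directory $1.
make_demo_chain() (
  cd "$1" || exit 2
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext   # makes the intermediate a CA
  openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.crt -days 30 -subj "/CN=Demo Root"
  openssl req -new -newkey rsa:2048 -nodes -keyout int.key -out int.csr -subj "/CN=Demo Intermediate"
  openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial -extfile ca.ext -out intermediate.crt -days 30
  openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr -subj "/CN=api.example.com"
  openssl x509 -req -in server.csr -CA intermediate.crt -CAkey int.key -CAcreateserial -out server.crt -days 30
  cat server.crt intermediate.crt root.crt > fullchain.crt    # order described in this article
  cat server.crt root.crt intermediate.crt > misordered.crt   # same certs, wrong order
) 2>/dev/null

demo=$(mktemp -d)
make_demo_chain "$demo"
check_fullchain "$demo/server.key" "$demo/fullchain.crt"
check_fullchain "$demo/server.key" "$demo/misordered.crt" || true
```

Running check_fullchain against the real private key and fullchain.crt before the upload in Step 3 catches a wrong key or a misordered bundle locally.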


If you have a .pfx or .p12 file, you can extract these using OpenSSL:

# Extract the private key
openssl pkcs12 -in yourcert.pfx -nocerts -out yourdomain.key -nodes
# Extract the public cert
openssl pkcs12 -in yourcert.pfx -clcerts -nokeys -out yourdomain.crt
# Extract the intermediate chain
openssl pkcs12 -in yourcert.pfx -cacerts -nokeys -out intermediate.crt

Step 2: Log in to Anypoint Platform
Go to https://anypoint.mulesoft.com
Navigate to Runtime Manager > Load Balancers
Click on your Dedicated Load Balancer

Step 3: Upload the Certificate
Click Manage Certificates
Choose Add Certificate
Provide:

Alias: Any name (e.g., my-prod-cert)
Private Key: Upload private.key/server.key/root.key
Public Certificate: Upload fullchain.crt or server.crt/public.crt and intermediate.crt
Click Save


Step 4: Associate Certificate with the Domain Mapping
Go to Domain Mappings
Click Add Mapping
Enter:

Domain name: e.g., api.example.com
Target app: Your deployed CloudHub app
Certificate alias: Select the cert you just uploaded
Save the mapping


Step 5: Wait for Propagation
Changes can take a few minutes to apply. Once ready, your custom domain should be serving over HTTPS with the correct SSL certificate.

Step 6: Verify the Setup
You can test the configuration using:

openssl s_client -connect api.example.com:443

Look for the correct certificate in the output.

 
