1

I have .crt and privatekey.pem keys which can be used for making HTTPS GET API request.

We can't use these certificates directly in mulesoft for making https API requests.

As far I know it supports Trust store configuration and Key store configuration in the JCEKS, JKS and PKCS12 formats

I have tried using the command below

openssl x509 -outform der -in certificate.private.pem -out certificate.der
keytool -import -alias your-alias -keystore cacerts -file certificate.der

It's failing with the error below after running openssl command mentioned below

unable to load certificate
140706477451034:error:09A2F34C:PEM routines:CRYPTO_internal:no start line:/Library/BuildRoots/97f7341o-dq75-11ed-a4bc-863efbbaf86g/Library/Caches/Sources/libressl/libressl-3.3/crypto/pem/pem_lib.c:694:Expecting: TRUSTED CERTIFICATE

how I can convert my keys to these specific formats and how I can use it while making https get requests from Mulesoft's Anypoint Studio

I didn't find a right article for converting .CRT and .PEM files to Mule supported file formats.

dubru
  • 142
  • 10
  • There are dozen of blogs and previous Stackoverflow answers explaining how to convert certificate formats. Search for how to convert or import those formats to a Java keystore or just PKCS12. By the way you said MuleSoft when you mean Mule runtime. – aled May 18 '23 at 13:49
  • @aled can you point me to one right blog in which they showed converting .crt and .pem files to pkcs12 format and used it in mulesoft? – dubru May 18 '23 at 13:57
  • https://www.google.com/search?q=java+import+pem+to+keystore. I'll leave the CRT search as an exercise – aled May 18 '23 at 14:03
  • Does this answer your question? [Import PEM into Java Key Store](https://stackoverflow.com/questions/2138940/import-pem-into-java-key-store) – aled May 18 '23 at 14:04
  • Let me give it a try and confirm – dubru May 18 '23 at 14:05
  • I'm trying openssl command to convert .pem to .der format. somehow it's not working. it's giving this error `unable to load certificates`. But I'm giving the right certificate path in openssl command – dubru May 18 '23 at 14:17
  • Then open a question with all the details, including command, versions, output. – aled May 18 '23 at 14:18
  • I'm updating this question – dubru May 18 '23 at 14:19
  • The error happens after executing openssl or executing the keytool command? – aled May 18 '23 at 14:25
  • After running openssl command. updated the entire error message in the question – dubru May 18 '23 at 14:28
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/253722/discussion-between-aled-and-dubru). – aled May 18 '23 at 14:33
  • Sure, let me join the chat – dubru May 18 '23 at 14:34

1 Answers1

1

We can convert the two .crt and privatekey.pem files into a single JKS file, as required by the Mule HTTP connector for sending HTTPS GET requests with certificates

The commands to convert .crt and privatekey.pem certs into JKS files are listed below.

openssl pkcs12 -export -inkey private_key.pem -in certificate.crt -out keystore.p12

keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 -destkeystore keystore.jks -deststoretype JKS

The keystore.jks file will be created and then placed in the mule's project src/main/resource  folder as seen in the picture below.

enter image description here

After adding it, click on + under Basic Settings to add a http connector and set a configuration similar to the one shown in the following picture.

enter image description here

Finally, provide the GET method and the Path as per your API and then deploy the Mule application. It's done.

dubru
  • 142
  • 10