One Client Cert, All APIs? A Hidden Security Gap in MuleSoft DLB

When it comes to 2-Way TLS in MuleSoft, many assume that once the DLB (Dedicated Load Balancer) is configured and client certificates are validated — all is secure. But there’s a subtle and important security gap you should know about.

🔍 The Problem: Validation Isn’t Context-Aware

Imagine this:

Your DLB is set up for 2-Way TLS ✅
You’ve uploaded multiple client certificates to the DLB’s truststore ✅
Everything works — clients can call your APIs over HTTPS using their certificates ✅

But here’s the catch: ...

April 3, 2025 · 3 min · Patryk Bandurski

Understanding One-Way vs. Two-Way TLS for APIs

When building secure APIs, TLS (Transport Layer Security) is a must. But not all TLS setups are created equal. If you’ve ever wondered what exactly two-way TLS is — or when to use it — you’re in the right place. Let’s break it down in a simple way.

🔐 One-Way TLS (Standard TLS)

We all use it every day. Every time you log in to your bank account or shop online, you’re using one-way TLS. Your browser verifies the identity of the server via a certificate, usually signed by a trusted Certificate Authority (CA). ...

April 3, 2025 · 3 min · Patryk Bandurski

Step-by-Step Guide: Configuring 2-Way TLS on MuleSoft DLB

Setting up 2-Way TLS (mutual TLS) on MuleSoft’s Dedicated Load Balancer (DLB) can feel daunting. We get it — there are keystores, truststores, certs, and configurations across systems. But don’t worry — this guide walks you through it clearly, step by step.

🔧 What You’ll Need

Before starting, make sure you have:

✅ A working MuleSoft application deployed to CloudHub
✅ A configured Dedicated Load Balancer (DLB)
✅ Your client certificate (X.509 PEM)
✅ Your truststore (to trust the client’s cert)
✅ Access to Anypoint Platform & Runtime Manager ...

April 3, 2025 · 4 min · Patryk Bandurski