I am trying to build a Mule application that consumes a REST API using mutual auth. The vendor authenticates requests by client_id and secret, and additionally requires SSL-based mutual authentication. For this I am trying to create a truststore and a keystore from the following files.
Files I have: 1-> xxxxx.pem (generated by the vendor from the xxxx.CSR file we shared with them)
2-> xxxxx.key
My setup and desired state:
I am using Mule 3.9.1 EE and deploying to CloudHub. Also, I do not have a dedicated load balancer.
openssl commands used to generate the stores:
openssl pkcs12 -export -name server-cert -in xxxxxxx_auth.pem -inkey xxxxxxx_auth.key -out serverkeystore.p12
keytool -importkeystore -destkeystore server.keystore -srckeystore serverkeystore.p12 -srcstoretype pkcs12 -alias server-cert
keytool -import -alias client-cert -file xxxxxxx_auth.pem -keystore server.truststore
keytool -import -alias server-cert -file xxxxxxx_auth.pem -keystore server.truststore
openssl pkcs12 -export -name client-cert -in xxxxxxx_auth.pem -inkey xxxxxxx_auth.key -out clientkeystore.p12
keytool -importkeystore -destkeystore client.keystore -srckeystore clientkeystore.p12 -srcstoretype pkcs12 -alias client-cert
keytool -import -alias server-cert -file xxxxxxx_auth.pem -keystore client.truststore
HTTP request configuration:
<http:request-config protocol="HTTPS"
    name="httpsClientConnectorMutualAuth" host="accounts.vendors.com" port="443"
    doc:name="HTTP Request Configuration" basePath="/">
    <tls:context>
        <tls:trust-store path="server.truststore" password="vendor@1" type="jks"/>
        <tls:key-store type="jks" path="client.keystore" alias="client-cert" keyPassword="vendor@1" password="vendor@1"/>
    </tls:context>
</http:request-config>
When I use these stores in the HTTP Request configuration, I get the following error:
Message : Error sending HTTP request to https://accounts.test.com:443/auth/oauth/v2/token.
Payload :
Payload Type : java.lang.String
Element : /vendor-testFlow/processors/1 @ xxx-test-xxxxxxx:xxxx-test.xml:37 (HTTP)
Element XML : <http:request config-ref="httpsClientConnectorMutualAuth" path="auth/oauth/v2/token" method="POST" doc:name="HTTP">
<http:request-builder>
<http:query-param paramName="grant_type" value="client_credentials"></http:query-param>
<http:header headerName="Authorization" value="Basic abcdefghijklmnopqrstuvqxyz=="></http:header>
<http:header headerName="Content-Type" value="application/json"></http:header>
</http:request-builder>
</http:request>
--------------------------------------------------------------------------------
Root Exception stack trace:
sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:397)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:134)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:966)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:963)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)
at org.glassfish.grizzly.ssl.SSLUtils.executeDelegatedTask(SSLUtils.java:274)
at org.glassfish.grizzly.ssl.SSLBaseFilter.doHandshakeStep(SSLBaseFilter.java:709)
at org.glassfish.grizzly.ssl.SSLFilter.doHandshakeStep(SSLFilter.java:332)
at org.glassfish.grizzly.ssl.SSLBaseFilter.doHandshakeStep(SSLBaseFilter.java:623)
at org.glassfish.grizzly.ssl.SSLBaseFilter.handleRead(SSLBaseFilter.java:335)
at com.ning.http.client.providers.grizzly.SwitchingSSLFilter.handleRead(SwitchingSSLFilter.java:74)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:539)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137)
at org.glassfish.grizzly.threadpool.AbstractThreadpool$Worker.doWork(AbstractThreadpool.java:593)
at org.glassfish.grizzly.threadpool.AbstractThreadpool$Worker.run(AbstractThreadpool.java:573)
at java.lang.Thread.run(Thread.java:748)
Can you see what I am doing wrong here?
Vinay
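The stack trace fails in X509TrustManagerImpl.checkServerTrusted, i.e. while validating the vendor's server certificate, and the truststore in the post contains only xxxxxxx_auth.pem, which is the client certificate. A truststore has to hold the CA that issued the server's certificate, not the client's own leaf. The script below is an added example, not code from the post or from MuleSoft: it builds a throwaway PKI (a made-up "Vendor Root CA", a server cert for accounts.vendors.com and a client cert, all constructed here), shows with openssl verify that the server cert does not validate against a truststore made of the client cert but does validate against the CA, and then imports that CA with keytool the way the post's truststore should have been built. It assumes openssl 1.1.1 or 3.x is on PATH; the keytool step runs only if a JDK is installed.

```shell
#!/bin/sh
# Added example, not from the original post: reproduce the trust failure in
# the stack trace with a throwaway PKI. checkServerTrusted() failed because
# the truststore held only our client certificate, never the CA that issued
# the vendor's server certificate. All names here are made up; "Vendor Root
# CA" stands in for whatever CA actually signs accounts.vendors.com.
# Needs openssl (1.1.1 or 3.x). The keytool step runs only if a JDK exists.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Self-contained config so the run does not depend on the system openssl.cnf.
cat > "$WORK/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_server ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:accounts.vendors.com
[ v3_client ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
EOF

# Vendor-side CA: the certificate missing from the post's truststore.
openssl req -x509 -newkey rsa:2048 -nodes -config "$WORK/openssl.cnf" \
  -extensions v3_ca -subj "/CN=Vendor Root CA" -days 365 \
  -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null

# issue_leaf NAME SUBJECT EXT_SECTION: key + CSR, then a CA-signed cert.
# Same flow as sharing xxxx.CSR with the vendor and getting xxxxx.pem back.
issue_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/openssl.cnf" \
    -subj "$2" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 365 -extfile "$WORK/openssl.cnf" -extensions "$3" \
    -out "$WORK/$1.pem" 2>/dev/null
}

# chains_to TRUST_PEM LEAF_PEM: exit 0 if LEAF_PEM validates against the
# certificates in TRUST_PEM. This is the question checkServerTrusted asks.
chains_to() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

issue_leaf server "/CN=accounts.vendors.com" v3_server
issue_leaf client "/CN=mule-client" v3_client

# The post's truststore: only our own client certificate inside.
if chains_to "$WORK/client.pem" "$WORK/server.pem"; then
  echo "unexpected: server cert validated against the client cert"
  exit 1
fi
echo "truststore = client cert -> server cert rejected (No trusted certificate found)"

# Corrected truststore: the CA (chain) that issued the vendor's server cert.
if chains_to "$WORK/ca.pem" "$WORK/server.pem"; then
  echo "truststore = Vendor CA   -> server cert accepted"
fi

# Same fix with the post's tooling: import the CA, not xxxxxxx_auth.pem, into
# the truststore. The client keystore build (pkcs12 + importkeystore) is fine.
if command -v keytool >/dev/null 2>&1; then
  keytool -import -noprompt -alias vendor-ca -file "$WORK/ca.pem" \
    -keystore "$WORK/client.truststore" -storepass changeit >/dev/null
  keytool -list -keystore "$WORK/client.truststore" -storepass changeit | grep -i vendor-ca
fi
```

Two practical notes. The CA certificate (root plus any intermediates) should come from the vendor or the public CA bundle; `openssl s_client -showcerts -connect accounts.vendors.com:443` is useful to see which CA signed the server certificate, but pinning whatever happens to be on the wire at that moment is not the same as being told the trust anchor. And if the keystore is exported with OpenSSL 3.x and loaded by an older Java 8 runtime, add `-legacy` to `openssl pkcs12 -export`, because the 3.x default PKCS#12 encryption is not readable by older JDKs and fails with a misleading "keystore password was incorrect" message.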