An organization has an HTTPS-enabled Mule application named Orders API that receives requests from another Mule application named Process Orders.
The communication between these two Mule applications must be secured by TLS mutual authentication (two-way TLS).
At a minimum, what must be stored in each truststore and keystore of these two Mule applications to properly support two-way TLS between the two Mule applications while properly protecting each Mule application's keys?
To properly support two-way TLS (mutual authentication) between two Mule applications, each application must trust the other's public key and securely store its own private key and public key. The Orders API needs the Process Orders public key in its truststore to validate incoming requests and must store its own private key and public key in its keystore for outgoing requests. Similarly, the Process Orders application requires the Orders API public key in its truststore to validate incoming requests and must store its own private key and public key in its keystore for outgoing requests. Hence, the accurate option is that the Orders API truststore contains the Process Orders public key, the Orders API keystore contains the Orders API private key and public key, the Process Orders truststore contains the Orders API public key, and the Process Orders keystore contains the Process Orders private key and public key.
C is correct
A keystore stores public certificates and corresponding private keys (credential) for clients or servers in a mule application. The truststore contains the public certificates (self signed or from a CA) for remote hosts
C iscorrect
C is correct.