This step explains how to create the TLS credentials
that are required for Apigee hybrid to operate.
Create TLS certificates
You are required to provide TLS certificates for the runtime ingress gateway in your
Apigee hybrid configuration. For the purpose of this quickstart (a non-production trial installation),
the runtime gateway can accept self-signed credentials. In the following steps,
openssl is used to generate the self-signed credentials.
In this step, you will create the TLS credential files and add them to
the base_directory/hybrid-files/certs directory.
In Step 7: Configure the
hybrid runtime, you will add the file paths to the cluster configuration file.
This command creates a self-signed certificate/key pair that you can use for the quickstart
installation.
Check to make sure the files are in the ./certs directory using the following command:
ls ./certs
keystore.key
keystore.pem
Where keystore.pem is the self-signed TLS certificate file and keystore.key
is the key file.
You now have the credentials needed to manage Apigee hybrid
in your Kubernetes cluster. Next, you will create a file that is used by Kubernetes
to deploy the hybrid runtime components to the cluster.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-10 UTC."],[[["This guide provides instructions for creating TLS credentials, which are essential for the operation of Apigee hybrid."],["For non-production trial installations, self-signed certificates can be used, and the guide demonstrates generating them using `openssl`."],["In a production environment, signed certificates are required, and they can be obtained either as a certificate and key pair or through a Kubernetes secret, such as using Let's Encrypt as the CA."],["The generated TLS certificate (`keystore.pem`) and key (`keystore.key`) files must be saved in the `\u003cvar translate=\"no\"\u003ebase_directory\u003c/var\u003e``/hybrid-files/certs` directory."],["The domain name saved in the **`DOMAIN`** environment variable during this process must be the same as the one used for the environment group created in a previous step."]]],[]]
