Generate self-signed TLS credentials

You are currently viewing version 1.11 of the Apigee hybrid documentation. This version is end of life. You should upgrade to a newer version. For more information, see Supported versions.

This topic explains how to create self-signed TLS certificates for use in an environment configuration. This information is intended for trial or testing purposes only.

Warning: Self-signed certificates are not recommended for production. Only consider using them for development, trial, or testing purposes.

The runtime ingress gateway (the gateway that handles API proxy traffic) requires a TLS certificate/key pair. For this quickstart installation, you can use self-signed credentials. In the following steps, openssl is used to generate the credentials.

  1. Execute the following command to create the certificate and key files. The certificate files will most likely have .crt or .pem extensions and the key file will most likely have .key.

    Note: If you are using apigeectl to install and manage Apigee hybrid, we recommend storing the certificate and key files in your hybrid-files/certs directory.

    openssl req -nodes -new -x509 -keyout ./certs/keystore.key -out \
        ./certs/keystore.pem -subj '/CN=mydomain.net' -days 3650

    This command creates a self-signed certificate/key pair that you can use for the quickstart installation. The CN mydomain.net can be any value you wish for the self-signed credentials.

  2. Check to make sure the files are in the ./certs directory:

    ls ./certs
    keystore.pem  keystore.key

    Where keystore.pem is the self-signed TLS certificate file and keystore.key is the key file.
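Listing the directory only confirms that the files exist. The following added example (not part of the Apigee documentation) also checks that the key belongs to the certificate and that the certificate has not expired, and it restricts the key file to its owner because `-nodes` writes the private key unencrypted. The function name `check_tls_pair` and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the Apigee documentation).
# check_tls_pair is a hypothetical helper name.
# Usage: check_tls_pair ./certs/keystore.pem ./certs/keystore.key
# Returns 0 on success, 1 unreadable file, 2 key/cert mismatch, 3 expired.

check_tls_pair() {
  cert=$1
  key=$2

  # Extract the public key from each file; a parse failure means the file is
  # missing or is not a PEM certificate / private key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
    echo "cannot read certificate: $cert" >&2; return 1; }
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
    echo "cannot read private key: $key" >&2; return 1; }

  # The gateway needs a matching pair: both public keys must be identical.
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "private key does not match certificate" >&2; return 2
  fi

  # -checkend 0 fails if the certificate has already expired.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || {
    echo "certificate has expired" >&2; return 3; }

  # -nodes wrote the key unencrypted, so restrict it to the owner.
  chmod 600 "$key" || return 1

  # Show what was validated.
  openssl x509 -in "$cert" -noout -subject -enddate
}
```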

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-18 UTC.