You are currently viewing version 1.3 of the Apigee hybrid documentation.This version is end of life. You should upgrade to a newer version. For more information, seeSupported versions.

This topic explains how to create self-signed TLS certificates for use in an environment configuration. This information is intended for trial or testing purposes only.

Warning: Self-signed certificates are not recommended for production. Only consider using them for development, trial, or testing purposes.

The runtime ingress gateway (the gateway that handles API proxy traffic) requires a TLS certificate/key pair. For this quickstart installation, you can use self-signed credentials. In the following steps,openssl is used to generate the credentials.

1. Be sure that you are in thebase_directory/hybrid-files directory. It was suggested in the installation quickstart that you create ahybrid-files directory to contain files that you create. Your file structure may differ from the suggested structure.
2. Execute the following command from insidehybrid-files directory, where./certs is the directory containing your certificates.

   openssl req  -nodes -new -x509 -keyout ./certs/keystore.key -out \    ./certs/keystore.pem -subj '/CN=mydomain.net' -days 3650

   This command creates a self-signed certificate/key pair that you can use for the quickstart installation. The CNmydomain.net can be any value you wish for the self-signed credentials.

3. Check to make sure the files are in the./certs directory:

   ls ./certs  keystore.pem  keystore.key

   Wherekeystore.pem is the self-signed TLS certificate file andkeystore.key is the key file.