Step 6: Create TLS certificates

You are currently viewing version 1.7 of the Apigee hybrid documentation. This version is end of life. You should upgrade to a newer version. For more information, see Supported versions.

This step explains how to create the TLS credentials that are required for Apigee hybrid to operate.

Create TLS certificates

You are required to provide TLS certificates for the runtime ingress gateway in your Apigee hybrid configuration. For the purpose of this quickstart (a non-production trial installation), the runtime gateway can accept self-signed credentials. In the following steps, openssl is used to generate the self-signed credentials.

Note: In a production environment, you will need to use signed certificates. You can use either a certificate and key pair or a Kubernetes secret. For an example of how to obtain a TLS certificate from the Let's Encrypt certificate authority (CA), see Obtain TLS credentials: An example.

In this step, you will create the TLS credential files and add them to the base_directory/hybrid-files/certs directory. In Step 7: Configure the hybrid runtime, you will add the file paths to the cluster configuration file.

  1. Be sure that you are in the base_directory/hybrid-files directory you configured in Set up the project directory structure.
  2. Make sure that a domain name is saved in the DOMAIN environment variable. Check it with the following command:
    echo $DOMAIN
  3. Execute the following command from inside the hybrid-files directory:
    openssl req -nodes -new -x509 -keyout ./certs/keystore.key -out \
        ./certs/keystore.pem -subj "/CN=$DOMAIN" -days 3650

    Where DOMAIN is the same one you used for your environment in Part 1, Step 5: Create an environment group.

    This command creates a self-signed certificate/key pair that you can use for the quickstart installation.

  4. Check to make sure the files are in the ./certs directory using the following command:
    ls ./certs
     keystore.key keystore.pem

    Where keystore.pem is the self-signed TLS certificate file and keystore.key is the key file.
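
As an added example (not part of the Apigee documentation), the following shell function checks the files produced in step 3: that the key matches the certificate, that the subject CN equals the domain, that the certificate has not expired, and that the key, which -nodes writes unencrypted, is not readable by group or others. The function name check_tls_pair is an assumption of this example; the file names and DOMAIN variable are the ones used above.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair before it is referenced
# in the cluster configuration. check_tls_pair is a hypothetical helper name.
# Usage: check_tls_pair CERT_FILE KEY_FILE DOMAIN   (returns 0 when all checks pass)
check_tls_pair() {
    cert=$1; key=$2; domain=$3

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key" >&2; return 1
    fi

    # 1. The key must belong to the certificate: compare the public key stored
    #    in the certificate with the one derived from the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2; return 1
    fi

    # 2. The subject CN must be the domain passed to -subj. The sed pattern
    #    accepts the "CN = x", "CN=x" and "/CN=x" output styles of openssl.
    cn=$(openssl x509 -in "$cert" -noout -subject |
         sed -n 's/^subject=.*CN *= *\([^,/]*\).*$/\1/p')
    if [ "$cn" != "$domain" ]; then
        echo "certificate CN is '$cn', expected '$domain'" >&2; return 1
    fi

    # 3. The certificate must still be valid now (-checkend 0 = expires in 0 s).
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired" >&2; return 1
    fi

    # 4. -nodes leaves the private key unencrypted on disk, so group and
    #    other must have no permissions on it (columns 5-10 of ls -l).
    if [ "$(ls -lL "$key" | cut -c5-10)" != "------" ]; then
        echo "$key is accessible to group/other; run: chmod 600 $key" >&2; return 1
    fi
    echo "OK: $cert and $key are a valid pair for $domain"
}

# Run against the quickstart files when they exist in the current directory.
if [ -f ./certs/keystore.pem ] && [ -f ./certs/keystore.key ]; then
    check_tls_pair ./certs/keystore.pem ./certs/keystore.key "$DOMAIN"
fi
```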

You now have the credentials needed to manage Apigee hybrid in your Kubernetes cluster. Next, you will create a file that is used by Kubernetes to deploy the hybrid runtime components to the cluster.

Last updated 2025-12-17 UTC.