This topic explains how to create self-signed TLS certificates for use in an environment configuration. This information is intended for trial or testing purposes only.
The runtime ingress gateway (the gateway that handles API proxy traffic) requires a TLS certificate/key pair. For this quickstart installation, you can use self-signed credentials. In the following steps, openssl is used to generate the credentials.
Be sure that you are in the base_directory/hybrid-files directory. It was suggested in the installation quickstart that you create a hybrid-files directory to contain files that you create. Your file structure may differ from the suggested structure.
Execute the following command from inside hybrid-files directory, where ./certs is the directory containing your certificates.
This command creates a self-signed certificate/key pair that you can use for the quickstart installation. The CN mydomain.net can be any value you wish for the self-signed credentials.
Check to make sure the files are in the ./certs directory:
ls ./certs
keystore.pem
keystore.key
Where keystore.pem is the self-signed TLS certificate file and keystore.key is the key file.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-06-25 UTC."],[[["The provided content details the creation of self-signed TLS certificates for trial or testing purposes within the Apigee hybrid environment."],["Self-signed certificates are explicitly not recommended for production environments and should only be considered for development, trial, or testing."],["The runtime ingress gateway requires a TLS certificate/key pair, which can be self-signed for quickstart installations using the `openssl` utility."],["A specific command using `openssl` is provided to generate the self-signed certificate and key pair, storing them in a designated `certs` directory, while setting the CN parameter to any desired value."],["The resulting files, `keystore.pem` (certificate) and `keystore.key` (key), should be located within the `./certs` directory after running the provided command."]]],[]]