This topic explains how to create self-signed TLS certificates for use in an environment configuration. This information is intended for trial or testing purposes only.
The runtime ingress gateway (the gateway that handles API proxy traffic) requires a TLS certificate/key pair. For this quickstart installation, you can use self-signed credentials. In the following steps, openssl is used to generate the credentials.
- Execute the following command to create the certificate and key files. The certificate files
will most likely have
.crt
or.pem
extensions and the key file will most likely have.key
.openssl req -nodes -new -x509 -keyout ./certs/keystore.key -out \ ./certs/keystore.pem -subj '/CN=mydomain.net' -days 3650
This command creates a self-signed certificate/key pair that you can use for the quickstart installation. The CN
mydomain.net
can be any value you wish for the self-signed credentials. - Check to make sure the files are in the
./certs
directory:ls ./certs
keystore.pem keystore.keyWhere
keystore.pem
is the self-signed TLS certificate file andkeystore.key
is the key file.