This topic explains how to create self-signed TLS certificates for use in an environment configuration. This information is intended for trial or testing purposes only.
The runtime ingress gateway (the gateway that handles API proxy traffic) requires a TLS certificate/key pair. For this quickstart installation, you can use self-signed credentials. In the following steps, openssl is used to generate the credentials.
- Be sure that you are in the BASE_DIRECTORY/hybrid-filesdirectory. It was suggested in the installation quickstart that you create ahybrid-filesdirectory to contain files that you create. Your file structure may differ from the suggested structure.
- Execute the following command from inside hybrid-filesdirectory, where./certsis the directory containing your certificates.openssl req -nodes -new -x509 -keyout ./certs/keystore.key -out \ ./certs/keystore.pem -subj '/CN=mydomain.net' -days 3650This command creates a self-signed certificate/key pair that you can use for the quickstart installation. The CN mydomain.netcan be any value you wish for the self-signed credentials.
- Check to make sure the files are in the ./certsdirectory:ls ./certskeystore.pem keystore.keyWhere keystore.pemis the self-signed TLS certificate file andkeystore.keyis the key file.