Step 6: Create TLS certificates

This step explains how to create the TLS credentials that are required for Apigee hybrid to operate.

Create TLS certificates

You are required to provide TLS certificates for the runtime ingress gateway in your Apigee hybrid configuration. For the purpose of this quickstart (a non-production trial installation), the runtime gateway can accept self-signed credentials. In the following steps, openssl is used to generate the self-signed credentials.

In this step, you will create the TLS credential files and add them to the base_directory/hybrid-files/certs directory. In Step 7: Configure the hybrid runtime, you will add the file paths to the cluster configuration file.

Be sure that you are in the base_directory/hybrid-files directory you configured in Set up the project directory structure.
Make sure to save a domain name to the DOMAIN environment variable using the following command:
```
echo $DOMAIN
```
Execute the following command from inside the hybrid-files directory:
```
openssl req  -nodes -new -x509 -keyout ./certs/keystore.key -out \
    ./certs/keystore.pem -subj '/CN='$DOMAIN'' -days 3650
```
Where DOMAIN is the same one you used for your environment in Part 1, Step 5: Create an environment group.

This command creates a self-signed certificate/key pair that you can use for the quickstart installation.
Check to make sure the files are in the ./certs directory using the following command:
```
ls ./certs
  keystore.pem
  keystore.key
```
Where keystore.pem is the self-signed TLS certificate file and keystore.key is the key file.

You now have the credentials needed to manage Apigee hybrid in your Kubernetes cluster. Next, you will create a file that is used by Kubernetes to deploy the hybrid runtime components to the cluster.

1 2 3 4 5 6 (NEXT) Step 7: Configure the hybrid runtime 8 9