이 단계에서는 Apigee Hybrid 작동에 필요한 TLS 사용자 인증 정보를 만드는 방법을 설명합니다.
TLS 인증서 만들기
Apigee Hybrid 구성에 런타임 인그레스 게이트웨이에 대한 TLS 인증서를 제공해야 합니다. 이 빠른 시작(비프로덕션 무료 체험판 설치)에서 런타임 게이트웨이는 자체 서명 사용자 인증 정보를 수락할 수 있습니다. 다음의 절차에서 openssl은 자체 서명 사용자 인증 정보를 생성하는 데 사용됩니다.
이 단계에서는 TLS 사용자 인증 정보 파일을 만들어 base_directory/hybrid-files/certs 디렉터리에 추가합니다.
7단계: 하이브리드 런타임 구성에서는 클러스터 구성 파일에 대해 파일 경로를 추가합니다.
프로젝트 디렉터리 구조 설정에서 구성한 base_directory/hybrid-files 디렉터리에 있는지 확인합니다.
[[["이해하기 쉬움","easyToUnderstand","thumb-up"],["문제가 해결됨","solvedMyProblem","thumb-up"],["기타","otherUp","thumb-up"]],[["이해하기 어려움","hardToUnderstand","thumb-down"],["잘못된 정보 또는 샘플 코드","incorrectInformationOrSampleCode","thumb-down"],["필요한 정보/샘플이 없음","missingTheInformationSamplesINeed","thumb-down"],["번역 문제","translationIssue","thumb-down"],["기타","otherDown","thumb-down"]],["최종 업데이트: 2025-09-05(UTC)"],[[["\u003cp\u003eThis documentation pertains to Apigee hybrid version 1.7, which is no longer supported and should be upgraded.\u003c/p\u003e\n"],["\u003cp\u003eThe instructions detail the process of creating TLS credentials, necessary for Apigee hybrid to function within a Kubernetes environment.\u003c/p\u003e\n"],["\u003cp\u003eFor this quickstart guide, self-signed TLS certificates can be used for the runtime gateway using openssl, but in production environments, signed certificates are required.\u003c/p\u003e\n"],["\u003cp\u003eThe steps guide users to create self-signed certificate and key files (\u003ccode\u003ekeystore.pem\u003c/code\u003e and \u003ccode\u003ekeystore.key\u003c/code\u003e) in the \u003ccode\u003ebase_directory\u003c/code\u003e/hybrid-files/certs directory.\u003c/p\u003e\n"],["\u003cp\u003eThe domain name set in the \u003ccode\u003eDOMAIN\u003c/code\u003e environment variable is utilized in the openssl command to generate the certificates.\u003c/p\u003e\n"]]],[],null,["# Step 6: Create TLS certificates\n\n| You are currently viewing version 1.7 of the Apigee hybrid documentation. **This version is end of life.** You should upgrade to a newer version. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).\n\nThis step explains how to create the TLS credentials\nthat are required for Apigee hybrid to operate.\n\nCreate TLS certificates\n-----------------------\n\n\nYou are required to provide TLS certificates for the runtime ingress gateway in your\nApigee hybrid configuration. For the purpose of this quickstart (a non-production trial installation),\nthe runtime gateway can accept self-signed credentials. In the following steps,\n[openssl](https://www.openssl.org/) is used to generate the self-signed credentials.\n| **Note:** In a production environment, you will need to use signed certificates. You can either use either a certificate and key pair or a Kubernetes secret. For an example on how to obtain a TLS certificate from the *Lets Encrypt* certificate authority (CA), see [Obtain TLS credentials: An example](/apigee/docs/hybrid/v1.7/lets-encrypt).\n\n\nIn this step, you will create the TLS credential files and add them to\nthe \u003cvar translate=\"no\"\u003ebase_directory\u003c/var\u003e`/hybrid-files/certs` directory.\nIn [Step 7: Configure the\nhybrid runtime](/apigee/docs/hybrid/v1.7/install-configure-cluster), you will add the file paths to the cluster configuration file.\n\n1. Be sure that you are in the \u003cvar translate=\"no\"\u003ebase_directory\u003c/var\u003e`/hybrid-files` directory you configured in [Set up the project directory structure](#setup-directory).\n2. Make sure to save a domain name to the **`DOMAIN`** environment variable using the following command: \n\n ```\n echo $DOMAIN\n ```\n3. Execute the following command from inside the `hybrid-files` directory: \n\n ```\n openssl req -nodes -new -x509 -keyout ./certs/keystore.key -out \\\n ./certs/keystore.pem -subj '/CN='$DOMAIN'' -days 3650\n ```\n\n\n Where **`DOMAIN`** is the same one you used for your environment in\n [Part 1, Step 5: Create an\n environment group](/apigee/docs/hybrid/v1.7/precog-add-environment).\n\n\n This command creates a self-signed certificate/key pair that you can use for the quickstart\n installation.\n4. Check to make sure the files are in the `./certs` directory using the following command: \n\n ```\n ls ./certs\n ``` \n\n ```text\n keystore.key\n keystore.pem\n ```\n\n\n Where `keystore.pem` is the self-signed TLS certificate file and `keystore.key`\n is the key file.\n\n\nYou now have the credentials needed to manage Apigee hybrid\nin your Kubernetes cluster. Next, you will create a file that is used by Kubernetes\nto deploy the hybrid runtime components to the cluster.\n[1](/apigee/docs/hybrid/v1.7/install-create-cluster) [2](/apigee/docs/hybrid/v1.7/install-cert-manager) [3](/apigee/docs/hybrid/v1.7/install-asm) [4](/apigee/docs/hybrid/v1.7/install-apigeectl) [5](/apigee/docs/hybrid/v1.7/install-service-accounts) [6](/apigee/docs/hybrid/v1.7/install-create-tls-certificates) [(NEXT) Step 7: Configure the hybrid runtime](/apigee/docs/hybrid/v1.7/install-configure-cluster) [8](/apigee/docs/hybrid/v1.7/install-enable-synchronizer-access) [9](/apigee/docs/hybrid/v1.7/install-hybrid-runtime)\n\n\u003cbr /\u003e"]]