Questo passaggio spiega come creare le credenziali TLS necessarie per il funzionamento di Apigee hybrid.
Crea certificati TLS
Devi fornire i certificati TLS per il gateway di ingresso di runtime nella configurazione ibrida di Apigee. Ai fini di questa guida rapida (un'installazione di prova non di produzione),
il gateway di runtime può accettare credenziali autofirmate. Nei passaggi successivi, viene utilizzato openssl per generare le credenziali autofirmate.
In questo passaggio, creerai i file delle credenziali TLS e li aggiungerai alla directory $HYBRID_FILES/certs.
Nel passaggio 6: configura il runtime hybrid, aggiungerai i percorsi dei file al file di configurazione del cluster.
Esegui il seguente comando per creare i file delle credenziali e archiviarli nella directory $HYBRID_FILES/certs:
DOMAIN è il dominio che hai fornito come nome host per il gruppo di ambienti che hai creato in Creare un gruppo di ambienti.
ENV_GROUP_NAME è il nome del gruppo di ambienti in cui il dominio è specificato come nome host. È buona norma includere il nome del gruppo di ambienti nel nome della chiave e del keystore per evitare di riutilizzare accidentalmente lo stesso valore di dominio se crei chiavi per più gruppi di ambienti.
Questo comando crea una coppia di chiavi/certificati autofirmati che puoi utilizzare per l'installazione guidata.
Se hai altri gruppi di ambienti con nomi di dominio univoci, ripeti questo passaggio per ciascuno. Farai riferimento a questi gruppi e certificati nel
passaggio di configurazione del cluster.
Verifica che i file siano nella directory $HYBRID_FILES/certs utilizzando il seguente comando:
dove keystore_ENV_GROUP_NAME.pem è il file del certificato TLS autofirmato e keystore_ENV_GROUP_NAME.key
è il file della chiave.
Ora disponi delle credenziali necessarie per gestire Apigee hybrid nel tuo cluster Kubernetes. Successivamente, creerai un file utilizzato da Kubernetes per eseguire il deployment dei componenti di runtime ibrida nel cluster.
[[["Facile da capire","easyToUnderstand","thumb-up"],["Il problema è stato risolto","solvedMyProblem","thumb-up"],["Altra","otherUp","thumb-up"]],[["Difficile da capire","hardToUnderstand","thumb-down"],["Informazioni o codice di esempio errati","incorrectInformationOrSampleCode","thumb-down"],["Mancano le informazioni o gli esempi di cui ho bisogno","missingTheInformationSamplesINeed","thumb-down"],["Problema di traduzione","translationIssue","thumb-down"],["Altra","otherDown","thumb-down"]],["Ultimo aggiornamento 2025-09-04 UTC."],[[["\u003cp\u003eThis document provides instructions for creating TLS credentials required for the Apigee hybrid runtime ingress gateway, and notes that version 1.8 of the documentation is at end of life.\u003c/p\u003e\n"],["\u003cp\u003eFor non-production trial installations, self-signed credentials can be generated using \u003ccode\u003eopenssl\u003c/code\u003e as outlined in the steps.\u003c/p\u003e\n"],["\u003cp\u003eIn production environments, signed certificates are required, either via a certificate/key pair or a Kubernetes secret, with a linked example of how to use \u003cem\u003eLets Encrypt\u003c/em\u003e as a CA.\u003c/p\u003e\n"],["\u003cp\u003eThe generated TLS credential files should be placed in the \u003ccode\u003e$HYBRID_FILES/certs\u003c/code\u003e directory, which will then be referenced in the cluster configuration file in step 6.\u003c/p\u003e\n"],["\u003cp\u003eThe steps include creating self signed certs for each group, as well as where they should be stored, with instructions on how to verify they are in the right place.\u003c/p\u003e\n"]]],[],null,["# Step 5: Create TLS certificates\n\n| You are currently viewing version 1.8 of the Apigee hybrid documentation. **This version is end of life.** You should upgrade to a newer version. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).\n\nThis step explains how to create the TLS credentials\nthat are required for Apigee hybrid to operate.\n\nCreate TLS certificates\n-----------------------\n\n\nYou are required to provide TLS certificates for the runtime ingress gateway in your\nApigee hybrid configuration. For the purpose of this quickstart (a non-production trial installation),\nthe runtime gateway can accept self-signed credentials. In the following steps,\n[openssl](https://www.openssl.org/) is used to generate the self-signed credentials.\n| **Note:** In a production environment, you will need to use signed certificates. You can either use either a certificate and key pair or a Kubernetes secret. For an example on how to obtain a TLS certificate from the *Lets Encrypt* certificate authority (CA), see [Obtain TLS credentials: An example](/apigee/docs/hybrid/v1.8/lets-encrypt).\n\n\nIn this step, you will create the TLS credential files and add them to\nthe `$HYBRID_FILES/certs` directory.\nIn [Step 6: Configure the\nhybrid runtime](/apigee/docs/hybrid/v1.8/install-configure-cluster), you will add the file paths to the cluster configuration file.\n\n1. Execute the following command to create the credential files and store them in your `$HYBRID_FILES/certs` directory: \n\n ```\n openssl req -nodes -new -x509 -keyout $HYBRID_FILES/certs/keystore_ENV_GROUP_NAME.key -out \\\n $HYBRID_FILES/certs/keystore_ENV_GROUP_NAME.pem -subj '/CN='\u003cvar translate=\"no\"\u003eDOMAIN\u003c/var\u003e'' -days 3650\n ```\n\n\n Where:\n - \u003cvar translate=\"no\"\u003eDOMAIN\u003c/var\u003e is the domain you provided as the hostname for the environment group you created in [Create an environment group](/apigee/docs/hybrid/v1.8/precog-add-environment#create-an-environment-group).\n - \u003cvar translate=\"no\"\u003eENV_GROUP_NAME\u003c/var\u003e is the name of the environment group where the domain is specified as a hostname. It's a good practice to include the environment group name in the key and keystore name to avoid accidentally reusing the same domain value if you create keys for multiple environment groups.\n\n\n This command creates a self-signed certificate/key pair that you can use for the quickstart\n installation.\n\n\n If you have additional environment groups with unique domain names, just repeat this step\n for each one. You will reference these groups and certificates in the cluster configuration\n step.\n2. Check to make sure the files are in the `$HYBRID_FILES/certs` directory using the following command: \n\n ```\n ls $HYBRID_FILES/certs\n ``` \n\n ```scdoc\n keystore_ENV_GROUP_NAME.key\n keystore_ENV_GROUP_NAME.pem\n ```\n\n\n Where `keystore_`\u003cvar translate=\"no\"\u003eENV_GROUP_NAME\u003c/var\u003e`.pem` is the self-signed TLS certificate file and `keystore_`\u003cvar translate=\"no\"\u003eENV_GROUP_NAME\u003c/var\u003e`.key`\n is the key file.\n\n\nYou now have the credentials needed to manage Apigee hybrid\nin your Kubernetes cluster. Next, you will create a file that is used by Kubernetes\nto deploy the hybrid runtime components to the cluster.\n[1](/apigee/docs/hybrid/v1.8/install-create-cluster) [2](/apigee/docs/hybrid/v1.8/install-cert-manager) [3](/apigee/docs/hybrid/v1.8/install-apigeectl) [4](/apigee/docs/hybrid/v1.8/install-service-accounts) [5](/apigee/docs/hybrid/v1.8/install-create-tls-certificates) [(NEXT) Step 6: Configure the hybrid runtime](/apigee/docs/hybrid/v1.8/install-configure-cluster) [7](/apigee/docs/hybrid/v1.8/install-enable-synchronizer-access) [8](/apigee/docs/hybrid/v1.8/install-hybrid-runtime) [9](/apigee/docs/hybrid/v1.8/install-expose-apigee-ingress) [10](/apigee/docs/hybrid/v1.8/install-deploy-proxy)\n\n\u003cbr /\u003e"]]