Using TLS in a cloud-based Edge installation

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation.

The following figure shows where Edge cloud customers configure TLS:

Because Edge is deployed in the cloud by Apigee, Apigee has already configured TLS access for the Edge management UI and API. That means you use the HTTPS URLs shown in the first two rows of the table below to access the management UI and API.

You do have to configure TLS for the app access to your APIs, and for access to your backend services from Apigee. The following table describes the places where you configure TLS access for a cloud-based installation of Edge:



TLS Access


API developer

Edge management UI

TLS access is preconfigured by Apigee. Access the Edge management UI by using the predefined URL:


API Developer

Edge management API

TLS access is preconfigured by Apigee. Access the Edge management API by using the predefined URL:


API Client (app)


TLS access is configured by paid customers through the use of virtual hosts. Free and trial accounts cannot configure TLS from API proxies.

You must have a cert signed by a trusted entity, such as Symantec or VeriSign. You cannot use a self-signed cert, or leaf certificates signed by a self-signed CA.

See Configuring TLS access to an API for the Cloud for more.



Target endpoint

You handle the TLS configuration on Edge, but you must make sure to configure TLS correctly on your backend servers as well.

See Configuring TLS from Edge to the backend (Cloud and Private Cloud) for more.

Learn more: