Install Apigee mTLS

After you have ensured that all nodes in your Private Cloud cluster meet all requirements and you have performed the tasks in Before you begin, you can install the apigee-mtls component.

(For information on performing an offline installation, see Install Edge apigee-setup utility on a node with no external internet connection.)

To install Apigee mTLS:

  1. Log in to the node as root (or use sudo with the commands).
  2. Check that all services are stopped (not running) by using the status command, as the following example shows:
    /opt/apigee/apigee-service/bin/apigee-all status
  3. (Optional) If you want to secure the connection between the management server (MS) and the LDAP server, define a silent configuration for the management server. Apigee recommends that you test MS -> LDAP encryption before using it:
    1. Edit the /opt/apigee/customer/application/management-server.properties file, or create a new one if it does not already exist.
    2. Add the following properties and their values to the management-server.properties file:
      conf_security_ldap.enable.connection.pool=false
      conf_security_ldap.fallback.self.count=10
      conf_security_ldap.maximum.retry.limit=2
    3. Save your changes to the management-server.properties file.
  4. Execute the following command:
    /opt/apigee/apigee-service/bin/apigee-service apigee-mtls install

    The installer installs the following RPMs with your Edge for the Private Cloud installation:

    • apigee-mtls
    • apigee-mtls-consul
  5. Repeat steps 1 through 4 on each node in the cluster. Note that step 3 is optional.
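
Steps 2 through 4 scripted for a single node, as an added example that is not part of the Apigee documentation. The `--install` switch, the confirmation prompt, and the helper names `set_prop` and `apply_ldap_props` are assumptions of this example; the paths, property names, and values are the ones given in the steps above.

```shell
#!/bin/sh
# Added example (not Apigee's code): steps 2-4 of the install procedure for one node.
APIGEE_BIN=/opt/apigee/apigee-service/bin
PROPS=/opt/apigee/customer/application/management-server.properties

# set_prop FILE KEY VALUE (hypothetical helper): replace an existing KEY=
# line or append one, so re-running the script never duplicates a property.
set_prop() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || : > "$file"          # step 3.1: create the file if missing
    tmp=$(mktemp) || return 1
    # Keep every line whose key differs; comments and blank lines survive.
    awk -F= -v k="$key" '$1 != k' "$file" > "$tmp" || return 1
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    # Write through the existing file so its owner and mode are unchanged.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# apply_ldap_props FILE (hypothetical helper): the three properties from step 3.2.
apply_ldap_props() {
    set_prop "$1" conf_security_ldap.enable.connection.pool false &&
    set_prop "$1" conf_security_ldap.fallback.self.count 10 &&
    set_prop "$1" conf_security_ldap.maximum.retry.limit 2
}

# Nothing is changed unless the script is called with --install (an assumption
# of this example, not an Apigee option).
if [ "${1:-}" = "--install" ]; then
    "$APIGEE_BIN/apigee-all" status                      # step 2
    printf 'Are all services stopped? Type yes to continue: '
    read -r answer
    [ "$answer" = "yes" ] || { echo "Aborted; stop services first." >&2; exit 1; }
    apply_ldap_props "$PROPS" || exit 1                  # step 3 (optional)
    "$APIGEE_BIN/apigee-service" apigee-mtls install     # step 4
fi
```

Because `set_prop` replaces a key rather than appending blindly, the script can be re-run on a node without leaving conflicting values for the same property in management-server.properties.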

After installing Apigee mTLS on all nodes in the cluster, perform the following steps:

  1. Configure apigee-mtls on all nodes as described in Configure Apigee mTLS.
  2. (Optional) Verify your configuration as described in Verify your configuration.

After you install Apigee mTLS on your Private Cloud cluster, always start the apigee-mtls component before any other component whenever you start components on a node.