The standard installation for Apigee mTLS is to perform the following general steps:
/opt/apigee/apigee-service apigee-mtls install
/opt/apigee/apigee-service apigee-mtls setup -f /opt/silent.conf
/opt/apigee/apigee-service apigee-mtls start
For custom certificate installation, you must perform additional steps, as described in this section.
To integrate your custom certificates with Apigee mTLS, you copy the following files to both the /certs and /source directories on each node in the cluster. You do this during the installation:
- Generated local_key.pem (unique to each node)
- Generated local_cert.pem (unique to each node)
- The Certificate Authority's certificate.pem
- The Certificate Authority's key.pem
For example, the installation steps for Apigee mTLS with a custom certificate are as follows:
/opt/apigee/apigee-service apigee-mtls install
/opt/apigee/apigee-service apigee-mtls setup -f /opt/silent.conf
Copy the local generated certificate:
cp PATH_TO_LOCAL_CERT /opt/apigee/apigee-mtls/certs/local_cert.pem
cp PATH_TO_LOCAL_CERT /opt/apigee/apigee-mtls/source/certs/local_cert.pem
Copy the local generated key:
cp PATH_TO_LOCAL_KEY /opt/apigee/apigee-mtls/certs/local_key.pem
cp PATH_TO_LOCAL_KEY /opt/apigee/apigee-mtls/source/certs/local_key.pem
Copy the CA's certificate:
cp PATH_TO_CA_CERT /opt/apigee/apigee-mtls/certs/ca_cert.pem
cp PATH_TO_CA_CERT /opt/apigee/apigee-mtls/source/certs/ca_cert.pem
Copy the CA's key:
cp PATH_TO_CA_KEY /opt/apigee/apigee-mtls/certs/ca_key.pem
cp PATH_TO_CA_KEY /opt/apigee/apigee-mtls/source/certs/ca_key.pem
/opt/apigee/apigee-service apigee-mtls start
This process overrides the certificates that were generated during the initial setup.
After you complete the integration of the new certificates, you can verify that they are valid by using the instructions in Verify the certificate.
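A consistency check for the copy steps above, written as an added example and not part of Apigee's documentation or tooling. It assumes the directory layout and file names from the cp commands; the function names `pair_matches` and `check_mtls_certs` are hypothetical, and only standard `openssl` and `cmp` commands are used.

```shell
#!/usr/bin/env bash
# Added example, not Apigee tooling. Assumes the directory layout and file
# names used by the cp commands above; BASE_DIR defaults to the Apigee path.

# True if the certificate ($1) and private key ($2) carry the same public key.
pair_matches() {
  local c k
  c="$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" || return 1
  k="$(openssl pkey -in "$2" -pubout 2>/dev/null)" || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# check_mtls_certs [BASE_DIR]: returns 0 only if every check passes.
check_mtls_certs() {
  local base="${1:-/opt/apigee/apigee-mtls}" rc=0 f
  local certs="$base/certs" src="$base/source/certs"

  # 1. All four files exist in both directories and the copies are identical.
  for f in local_cert.pem local_key.pem ca_cert.pem ca_key.pem; do
    if [ ! -s "$certs/$f" ] || [ ! -s "$src/$f" ]; then
      echo "FAIL: $f missing or empty in $certs or $src"; rc=1
    elif ! cmp -s "$certs/$f" "$src/$f"; then
      echo "FAIL: $f differs between $certs and $src"; rc=1
    fi
  done
  [ "$rc" -eq 0 ] || return 1

  # 2. The node's key belongs to the node's certificate.
  pair_matches "$certs/local_cert.pem" "$certs/local_key.pem" ||
    { echo "FAIL: local_key.pem does not match local_cert.pem"; rc=1; }

  # 3. The CA key belongs to the CA certificate.
  pair_matches "$certs/ca_cert.pem" "$certs/ca_key.pem" ||
    { echo "FAIL: ca_key.pem does not match ca_cert.pem"; rc=1; }

  # 4. The node certificate verifies against the CA certificate
  #    (signature chain and validity period).
  openssl verify -CAfile "$certs/ca_cert.pem" "$certs/local_cert.pem" \
    >/dev/null 2>&1 ||
    { echo "FAIL: local_cert.pem does not verify against ca_cert.pem"; rc=1; }

  [ "$rc" -eq 0 ] && echo "OK: certificates in $base are consistent"
  return "$rc"
}
```

Call `check_mtls_certs` on each node after the copy steps and before `apigee-mtls start`; a non-zero return means at least one of the four files is missing, out of sync between the two directories, or does not pair with its counterpart.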