The standard installation for Apigee mTLS is to perform the following general steps:
/opt/apigee/apigee-service apigee-mtls install/opt/apigee/apigee-service apigee-mtls setup -f /opt/silent.conf/opt/apigee/apigee-service apigee-mtls start
For custom certificate installation, you must perform additional steps, as described in this section.
To integrate your custom certificates with Apigee mTLS, you copy the following files to both the
/certs and /source directories on each node in the
cluster. You do this during the installation:
- Generated local_key.pem (unique to each node)
- Generated local_cert.pem (unique to each node)
- The Certificate Authority's certificate.pem
- The Certificate Authority's key.pem
For example, the installation steps for Apigee mTLS with a custom certificate are as follows:
/opt/apigee/apigee-service apigee-mtls install/opt/apigee/apigee-service apigee-mtls setup -f /opt/silent.confCopy the local generated certificatecp PATH_TO_LOCAL_CERT /opt/apigee/apigee-mtls/certs/local_cert.pemcp PATH_TO_LOCAL_CERT /opt/apigee/apigee-mtls/source/certs/local_cert.pemCopy the local generated keycp PATH_TO_LOCAL_KEY /opt/apigee/apigee-mtls/certs/local_key.pemcp PATH_TO_LOCAL_KEY /opt/apigee/apigee-mtls/source/certs/local_key.pemCopy the CA's certificatecp PATH_TO_CA_CERT /opt/apigee/apigee-mtls/certs/ca_cert.pemcp PATH_TO_CA_CERT /opt/apigee/apigee-mtls/source/certs/ca_cert.pemCopy the CA's keycp PATH_TO_CA_KEY /opt/apigee/apigee-mtls/certs/ca_key.pemcp PATH_TO_CA_KEY /opt/apigee/apigee-mtls/source/certs/ca_key.pem/opt/apigee/apigee-service apigee-mtls start
This process overrides the certificates that were generated during the initial setup.
After you complete the integration of the new certificates, you can verify that they are valid by using the instructions in Verify the certificate.