The standard installation for Apigee mTLS is to perform the following general steps:
/opt/apigee/apigee-service apigee-mtls install
/opt/apigee/apigee-service apigee-mtls setup -f /opt/silent.conf
/opt/apigee/apigee-service apigee-mtls start
For custom certificate installation, you must perform additional steps, as described in this section.
To integrate your custom certificates with Apigee mTLS, you copy the following files to both the /certs and /source directories on each node in the cluster. You do this during the installation:
- Generated local_key.pem (unique to each node)
- Generated local_cert.pem (unique to each node)
- The Certificate Authority's certificate.pem
- The Certificate Authority's key.pem
For example, the installation steps for Apigee mTLS with a custom certificate are as follows:
/opt/apigee/apigee-service apigee-mtls install
/opt/apigee/apigee-service apigee-mtls setup -f /opt/silent.conf
Copy the locally generated certificate:
cp PATH_TO_LOCAL_CERT /opt/apigee/apigee-mtls/certs/local_cert.pem
cp PATH_TO_LOCAL_CERT /opt/apigee/apigee-mtls/source/certs/local_cert.pem
Copy the locally generated key:
cp PATH_TO_LOCAL_KEY /opt/apigee/apigee-mtls/certs/local_key.pem
cp PATH_TO_LOCAL_KEY /opt/apigee/apigee-mtls/source/certs/local_key.pem
Copy the CA's certificate:
cp PATH_TO_CA_CERT /opt/apigee/apigee-mtls/certs/ca_cert.pem
cp PATH_TO_CA_CERT /opt/apigee/apigee-mtls/source/certs/ca_cert.pem
Copy the CA's key:
cp PATH_TO_CA_KEY /opt/apigee/apigee-mtls/certs/ca_key.pem
cp PATH_TO_CA_KEY /opt/apigee/apigee-mtls/source/certs/ca_key.pem
/opt/apigee/apigee-service apigee-mtls start
This process overrides the certificates that were generated during the initial setup.
After you complete the integration of the new certificates, you can verify that they are valid by using the instructions in Verify the certificate.
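Before running the start command on a node, a pre-flight check like the following confirms that the four files were copied consistently to both directories, that each key matches its certificate, and that the node certificate chains to the CA. This is an added example, not part of the Apigee documentation or tooling; the function name check_mtls_certs is hypothetical, and the file names and directories are assumed to be the ones used in the cp commands above.

```shell
#!/bin/sh
# Added example, not Apigee code. check_mtls_certs is a hypothetical helper.
# Assumption: file names and directories match the cp commands in the steps above.

# Emit the PEM public key of a certificate ($1) or of a private key ($1).
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pubkey()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# pair_matches CERT KEY: succeeds only if KEY is the private half of CERT.
pair_matches() {
  pub=$(cert_pubkey "$1")
  [ -n "$pub" ] && [ "$pub" = "$(key_pubkey "$2")" ]
}

# check_mtls_certs [BASE]: returns 0 if every check passes, 1 otherwise.
check_mtls_certs() {
  base=${1:-/opt/apigee/apigee-mtls}
  c=$base/certs
  rc=0
  for f in local_cert.pem local_key.pem ca_cert.pem ca_key.pem; do
    # Each file must exist in both directories with identical content.
    if ! cmp -s "$c/$f" "$base/source/certs/$f" 2>/dev/null; then
      echo "FAIL: $f missing or different in certs/ vs source/certs/" >&2
      rc=1
    fi
  done
  [ "$rc" -eq 0 ] || return 1
  # A key copied from another node would fail here.
  pair_matches "$c/local_cert.pem" "$c/local_key.pem" ||
    { echo "FAIL: local_key.pem does not match local_cert.pem" >&2; rc=1; }
  pair_matches "$c/ca_cert.pem" "$c/ca_key.pem" ||
    { echo "FAIL: ca_key.pem does not match ca_cert.pem" >&2; rc=1; }
  # The node certificate must chain to the CA and be within its validity period.
  openssl verify -CAfile "$c/ca_cert.pem" "$c/local_cert.pem" 2>/dev/null |
    grep -q ': OK$' ||
    { echo "FAIL: local_cert.pem does not verify against ca_cert.pem" >&2; rc=1; }
  return "$rc"
}

# Run against a base directory when one is given on the command line.
if [ "$#" -gt 0 ]; then check_mtls_certs "$1"; fi
```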