This step explains how to create the TLS credentials that are required for Apigee hybrid to operate.
Create TLS certificates
You are required to provide TLS certificates for the runtime ingress gateway in your Apigee hybrid configuration. For the purpose of this quickstart (a non-production trial installation), the runtime gateway can accept self-signed credentials. In the following steps, openssl is used to generate the self-signed credentials.
  In this step, you will create the TLS credential files and add them to
  the base_directory/hybrid-files/certs directory.
  In Step 7: Configure the
  hybrid runtime, you will add the file paths to the cluster configuration file.
- Be sure that you are in the base_directory/hybrid-filesdirectory you configured in Set up the project directory structure.
- Make sure to save a domain name to the DOMAINenvironment variable using the following command:echo $DOMAIN 
- 
    Execute the following command from inside the hybrid-filesdirectory:openssl req -nodes -new -x509 -keyout ./certs/keystore.key -out \ ./certs/keystore.pem -subj '/CN='$DOMAIN'' -days 3650Where DOMAINis the same one you used for your environment in Part 1, Step 5: Create an environment group.This command creates a self-signed certificate/key pair that you can use for the quickstart installation. 
- 
    Check to make sure the files are in the ./certsdirectory using the following command:ls ./certskeystore.pem keystore.keyWhere keystore.pemis the self-signed TLS certificate file andkeystore.keyis the key file.
You now have the credentials needed to manage Apigee hybrid in your Kubernetes cluster. Next, you will create a file that is used by Kubernetes to deploy the hybrid runtime components to the cluster.
1 2 3 4 5 6 (NEXT) Step 7: Configure the hybrid runtime 8 9