As mentioned on Installing API Management, you need a certificate to establish secure connections between clients and API Management, as well as between the different components of API Management itself.
We recommend using an official and valid certificate.
These certificates need to be stored in a Java keystore. On this page you can find some hints regarding certificate and keystore handling.
A certificate consists of two files: tls.key and tls.crt. Concerning API Management, they must meet the following requirements:
If you already have a tls.key and tls.crt, you can create a keystore like this:
openssl pkcs12 -export -in tls.crt -inkey tls.key -name apimancert -out apiman.p12
keytool -importkeystore -srckeystore apiman.p12 -srcstoretype PKCS12 -destkeystore apiman.jks -deststoretype JKS
The file apiman.p12 is only needed temporarily; you can delete it afterwards:
rm apiman.p12
If you have your certificate stored in a .pfx file, you need to export the certificate files.
openssl pkcs12 -in your_file_name.pfx -nocerts -out tls-encrypted.key
openssl pkcs12 -in your_file_name.pfx -clcerts -nokeys -out certificate.crt
openssl rsa -in tls-encrypted.key -outform PEM -out tls.key
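Before building the keystore, it is worth confirming that the private key and the certificate actually belong together, that the key is no longer passphrase-protected, and that the certificate is not about to expire. The following script is an added example, not part of the original documentation; the function names, the 30-day default and the placeholder hostname are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks on tls.key / tls.crt before the keystore is built.

# Succeeds only if key ($1) and certificate ($2) carry the same public key.
# "-passin pass:" makes a still-encrypted key fail instead of prompting.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeeds if the certificate ($1) is still valid $2 seconds from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Runs both checks; $3 = required remaining validity in seconds (default 30 days).
check_pair() {
    key_matches_cert "$1" "$2" || {
        echo "FAIL: $1 is unreadable, encrypted, or does not belong to $2" >&2
        return 1
    }
    cert_valid_for "$2" "${3:-2592000}" || {
        echo "FAIL: $2 is expired or expires too soon" >&2
        return 1
    }
    echo "OK: $1 and $2 match and the certificate is in date"
}

# Constructed sample input: a throwaway self-signed pair valid for 2 days,
# written to directory $1 (hostname is a placeholder).
make_constructed_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=apiman.example.test" \
        -keyout "$1/tls.key" -out "$1/tls.crt" 2>/dev/null
}

# Usage: sh check-pair.sh tls.key tls.crt [seconds]
if [ "$#" -ge 2 ]; then
    check_pair "$1" "$2" "${3:-2592000}"
fi
```

Pass the paths of the key and certificate files you intend to import; a non-zero exit status means the pair should not be put into the keystore as it is.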
If you have your official certificate in a keystore and you need the tls.crt and tls.key files, do the following:
keytool -importkeystore -srckeystore your_file_name.jks -destkeystore apiman.p12 -deststoretype PKCS12
openssl pkcs12 -in apiman.p12 -nokeys -out tls.crt
openssl pkcs12 -in apiman.p12 -nocerts -nodes -out tls.key
The file apiman.p12 is only needed temporarily; you can delete it afterwards:
rm apiman.p12