Creating keystore entry in Apigee Edge using TLS certificates

The procedure provided here is the most straightforward approach to this topic. If you need in-depth details, please use the Apigee documentation.

Before proceeding with the set-up, the following information, files, or access should be available:

  • Define the domain or subdomain you would like to use. I highly recommend using a subdomain; it will be useful for multiple environments.
  • Access to DNS Records of the domain you will be using. You will need to add a CNAME record.
  • Certificate files – These are the most important files. The domain you will be using should have a TLS / SSL certificate. You specifically need the certificate file, an intermediate certificate, and a private key. These files are obtainable once you purchase the certificates, such as from GoDaddy or GlobalSign.
  • Apigee Standard Subscription or higher (it will not work in the Evaluation version)

Creating the chain certificate

The main objective of this procedure is to combine the certificate file and the intermediate certificate into a single file, which will be the chain certificate.

If you are on macOS or Linux, you can use the “cat” command.

cat certificate > certificate_chain.pem

cat intermediate_certificate >> certificate_chain.pem

The first command creates a file named certificate_chain.pem and copies the content of certificate into that new file. The second command appends the intermediate certificate to it. The resulting content should look something like this:

-----BEGIN CERTIFICATE-----
(main certificate content)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(intermediate certificate content)
-----END CERTIFICATE-----

Note: You can also do this manually by creating a new file in a text editor and copying in the content of each file, but make sure that no other characters, such as whitespace or tabs, are added.
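Before uploading, it is worth confirming that the chain file is intact, that the private key belongs to the certificate, and that the intermediate is in the second position. The function below is an added example, not part of the original procedure or of Apigee's tooling; it assumes OpenSSL is installed, and the name check_chain and its file arguments are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pre-upload checks for the chain file and private key.
# check_chain and its arguments are hypothetical names; OpenSSL is assumed.
# Usage: check_chain <certificate> <intermediate_certificate> <private_key> <chain_out>
check_chain() {
  local leaf="$1" inter="$2" key="$3" out="$4"
  local begins ends cert_pub key_pub

  # Same result as the two cat commands: certificate first, intermediate second.
  cat "$leaf" > "$out" && cat "$inter" >> "$out" || return 1

  # Every marker must sit alone on its line (CR from Windows files is ignored).
  # If the first file lacks a trailing newline, cat glues its END marker to the
  # next BEGIN marker and the counts below come up short.
  begins=$(tr -d '\r' < "$out" | grep -c '^-----BEGIN CERTIFICATE-----$' || true)
  ends=$(tr -d '\r' < "$out" | grep -c '^-----END CERTIFICATE-----$' || true)
  if [ "$begins" -lt 2 ] || [ "$begins" -ne "$ends" ]; then
    echo "chain: need 2+ intact PEM blocks, found $begins BEGIN / $ends END" >&2
    return 2
  fi

  # The key must belong to the certificate: compare the public key inside the
  # certificate with the one derived from the private key.
  cert_pub=$(openssl x509 -in "$leaf" -noout -pubkey) || cert_pub=
  key_pub=$(openssl pkey -in "$key" -pubout) || key_pub=
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "key: private key does not match the certificate" >&2
    return 3
  fi

  # Order check by name: the certificate's issuer should equal the
  # intermediate's subject. Names only; the signature is not verified here.
  if [ "$(openssl x509 -in "$leaf" -noout -issuer_hash)" != \
       "$(openssl x509 -in "$inter" -noout -subject_hash)" ]; then
    echo "chain: intermediate is not the issuer of the certificate" >&2
    return 4
  fi

  echo "OK: $out holds $begins certificates and matches the private key"
}
```

The return code identifies the failed check: 2 for a damaged chain file, 3 for a key mismatch, 4 for a wrong or misplaced intermediate.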

Installing the chain certificate

  1. Proceed to Admin > Environments > TLS Keystores
  2. Make sure you have selected the environment in which you would like your certificate to be used.
  3. Click the +Keystore button. Enter your desired identifier for your certificate(s). This will create another section using the identifier you have provided as its name.
  4. Click the “+” on the new section to create a new alias entry.
  5. Enter the name of the alias. When selecting the “Type”, make sure that “Certificate and Key” is selected.
  6. Click “Certificate File” to upload the chain certificate (the file we created earlier), then “Key File” to upload the certificate private key.

If everything is valid, continue with the creation of the alias. After that, you should be able to see certificate information such as the issuer and expiration date inside this entry.

Finally, as I have mentioned earlier, you may have to repeat this procedure for each environment that is available on your Apigee platform.