Setting up Connectivity using FQDN

To set up TLS connectivity using FQDN, you must create an API Gateway instance and deploy it with FQDN details.

As a prerequisite, you must generate and upload the following security credentials before you setup the connectivity:

• CA bundle 1:
  • Generate a custom self-signed (TLS) certificate and private key and upload it to the API gateway Certificate section. Alternatively, you can generate the TLS certificate using Thales CTM, see Thales CTM. For uploading certificate, see API Gateway.
  • Upload the CA bundle 1 (for the TLS certificate) to the External KMS private endpoint for establishing communication between OCI KMS and API Gateway. For more information, see Creating a Private Endpoint.
• CA bundle 2: Upload CA bundle 2 (configured for external key manager's server certificate) to the Certificates service for establishing communication between API Gateway and Thales CTM. For uploading the CA bundle 2, see Uploading CA bundle.
  Note
  
  The TLS server certificate for the External key manager (Thales CTM) must have FDQN in the Subject Alternative Name (SAN).