Setting up Connectivity using FQDN

Set up TLS connectivity using FQDN.

To set up TLS connectivity using FQDN, you must create an API Gateway instance and deploy it with FQDN details.


OCI External KMS FQDN Connectivity

As a prerequisite, you must generate and upload the following security credentials before you set up the connectivity:

  • CA bundle 1:
    • Generate a custom self-signed TLS certificate and private key, and upload them to the API Gateway Certificate section. Alternatively, you can generate the TLS certificate using Thales CTM; see Thales CTM. To upload the certificate, see API Gateway.
    • Upload the CA bundle 1 (for the TLS certificate) to the External KMS private endpoint for establishing communication between OCI KMS and API Gateway. For more information, see Creating a Private Endpoint.
  • CA bundle 2: Upload CA bundle 2 (configured for external key manager's server certificate) to the Certificates service for establishing communication between API Gateway and Thales CTM. For uploading the CA bundle 2, see Uploading CA bundle.
    Note

    The TLS server certificate for the external key manager (Thales CTM) must have the FQDN in the Subject Alternative Name (SAN).
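
The following added example (not taken from the OCI or Thales documentation) generates a self-signed TLS certificate with the FQDN in the SAN and checks any PEM certificate for that SAN entry before upload. It assumes OpenSSL 1.1.1 or later; the FQDN `apigw.example.internal`, the file names, the RSA 2048 key and the 365-day validity are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example. The FQDN, file names, key size and validity are assumptions.
set -eu

# make_self_signed FQDN KEY_OUT CERT_OUT
# Creates a private key and a self-signed TLS certificate whose SAN
# extension carries the FQDN as a dNSName entry.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
        -keyout "$2" -out "$3" 2>/dev/null
    chmod 600 "$2"   # key is written unencrypted (-nodes), so restrict access
}

# san_has_fqdn CERT FQDN
# Succeeds only when FQDN appears as an exact dNSName entry in the SAN.
# A certificate that carries the name only in the subject CN fails the check.
san_has_fqdn() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
        | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | grep -qixF "DNS:$2"
}

demo() {
    fqdn="apigw.example.internal"   # placeholder FQDN
    dir=$(mktemp -d)
    make_self_signed "$fqdn" "$dir/tls.key" "$dir/tls.crt"
    if san_has_fqdn "$dir/tls.crt" "$fqdn"; then
        echo "OK: SAN contains $fqdn"
    else
        echo "FAIL: SAN does not contain $fqdn"
    fi
    rm -rf "$dir"
}
demo
```

The same `san_has_fqdn` check can be run against the exported server certificate of the external key manager to confirm the SAN requirement in the note above.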
Note

For information about OCI API Gateway pricing and limits, see API Management Pricing.