Setting up Connectivity using a FQDN

To set up TLS connectivity using FQDN, you must create an API Gateway instance and deploy it with the FQDN details.

As a prerequisite, you must generate and upload the following security credentials before you setup the connectivity:

• CA bundle 1:
  • Generate a custom self-signed (TLS) certificate and private key and upload it to the API gateway Certificate section. For information on uploading certificates, see Creating an API Gateway in the API Gateway documentation.
  • Upload the CA bundle 1 (for the TLS certificate) to the External KMS private endpoint for establishing communication between OCI KMS and the API Gateway. For more information, see Creating a Private Endpoint.
• CA bundle 2: Upload CA bundle 2 (configured for external key manager's server certificate) to the Certificates service for establishing communication between API Gateway and third-party KMS. For uploading the CA bundle 2, see Uploading CA bundle.
  Note
  
  The TLS server certificate for the External key manager must have FDQN in the Subject Alternative Name (SAN).