API Connect

 View Only

Creating TLS Client Profile on Local Test Environment (LTE)

By SWETHA SRIDHARAN posted Wed January 29, 2020 01:40 AM

This post is to illustrate how to create TLS profile using Local Test Manager(LTE) to securely authenticate your APIs.

Before we proceed further, make sure  you have installed LTE and it’s running. If you haven’t installed yet, here’s the blog post detailing the installation steps – https://developer.ibm.com/apiconnect/2019/08/23/intall-local-test/

I have installed the LTE and it is running.

Now, login to LTE as API Provider using interactive login as shown below

Before we start creating the TLS Client Profile,  Keystore and Truststore has to be set up.

Keystores contain matched pairs of public certificates and private keys used to confirm identity and encrypt/decrypt data transmission over HTTPS.

I used openssl command to generate my certificate and key to be used in my keystore.json. This varies for each customer based on their trust chain.

apic keystores:create -o localtest -s https://localhost:2000 --format json keystore.json

 The next step is to set up Truststores. They are repositories containing trusted certificates with verified public keys. The certificates in the truststore are usually obtained from a third-party certificate authority (CA).

I used the Verisign Root CA certificate for this demo.

$ apic truststores:create -o localtest -s https://localhost:2000 --format json truststore.json

Now, the final step is to create the TLS Client profile. Before we do, ensure your TLS client profile file has keystore url and truststore url from the above steps.

$ apic tls-client-profiles:create -o localtest -s https://localhost:2000 --format json testprofile.json

You have successfully created a TLS Client profile!

 With LTE you can manage authentication and security of APIs locally on your laptop without having to connect to API Manager cloud instance. As developers, you can enjoy the ability to develop and test APIs independently with LTE.

The yaml files used in this demo can be found in this  repository

1 comment



Mon December 05, 2022 12:23 PM


Congratulations for the post.
But how can I use the apic commands directly in datapower?
If not, is there any possibility for me to redirect apic-lte-juhu to my datapower?

I know that I can create my APIs in datapower by REST API, but I will have to read a Swagger file and execute it step by step.
I wouldn't want to do that. the apic command already creates respecting the Swagger delivered by my client. But I can only use it in the test environment which you showed.