Implementation Procedure

Create an SSL certificate.

On the SSL Certificates tab, click Create SSL Certificate.

**Table 1** Certificate configuration for one-way authentication
Parameter	Description
Name	Enter a certificate name that conforms to specific rules to facilitate search.
Instances Covered	Select Current.
Content	-----Start certificate----- MIICXgIBAAKBgQC6ndRHy5Dv5TcZiVzT6qF iaMGy61ZIbUrmBhUn61vMdvOHmtblST+fSl ZheNAcv2hQR4aqJLi4wrcerTaRyG9op3OSh... -----End certificate-----
Key	-----Start RSA private key----- MIICXgIBAAKBgQC6ndRHy5Dv5TcZiVzT6qF iaMGy61ZIbUrmBhUn61vMdvOHmtblST+fSl ZheNAcv2hQR4aqJLi4wrcerTaRyG9op3OSh... -----End RSA private key-----
CA	No CA certificate is required for one-way authentication.

Bind a domain name.

In the navigation pane, choose API Management > API Groups.
Click the name of the group to which the API belongs. The group details page is displayed.

On the Group Information tab page, click Bind Independent Domain Name.

**Table 2** Independent domain name configuration
Parameter	Description
Domain Name	Enter a licensed domain name.
Minimum TLS Version	Select TLS1.2.
HTTP-to-HTTPS Auto Redirection	Disabled by default.

Bind a certificate.
1. In the row that contains the domain name, click Select SSL Certificate.
2. Select the created certificate and click OK.
Client authentication should be disabled for one-way authentication.
Call the API.

Use the API test tool to call the API. If the status code is 200, the API is successfully called. Otherwise, rectify the fault by following the instructions provided in "Published API Calling" > "Error Codes" in the API Gateway User Guide.

On the SSL Certificates tab, click Create SSL Certificate.

**Table 3** Certificate configuration for two-way authentication
Parameter	Description
Name	Enter a certificate name that conforms to specific rules to facilitate search.
Instances Covered	Select Current.
Content	Enter the certificate content. -----Start certificate----- MIICXgIBAAKBgQC6ndRHy5Dv5TcZiVzT6qF iaMGy61ZIbUrmBhUn61vMdvOHmtblST+fSl ZheNAcv2hQR4aqJLi4wrcerTaRyG9op3OSh... -----End certificate-----
Key	Enter the key. -----Start RSA private key----- MIICXgIBAAKBgQC6ndRHy5Dv5TcZiVzT6qF iaMGy61ZIbUrmBhUn61vMdvOHmtblST+fSl ZheNAcv2hQR4aqJLi4wrcerTaRyG9op3OSh... -----End RSA private key-----
CA	Enter the CA certificate content. After the CA certificate is configured, bind the SSL certificate to the independent domain name and enable Client Authentication. -----Start certificate----- MIICXgIBAAKBgQC6ndRHy5Dv5TcZiVzT6qF iaMGy61ZIbUrmBhUn61vMdvOHmtblST+fSl ZheNAcv2hQR4aqJLi4wrcerTaRyG9op3OSh... -----End certificate-----

Bind a domain name.

In the navigation pane, choose API Management > API Groups.
Click the name of the group to which the API belongs. The group details page is displayed.

On the Group Information tab page, click Bind Independent Domain Name.

**Table 4** Independent domain name configuration
Parameter	Description
Domain Name	Enter a licensed domain name.
Minimum TLS Version	Select TLS1.2.
HTTP-to-HTTPS Auto Redirection	Disabled by default.

Bind a certificate.
1. In the row that contains the domain name, click Select SSL Certificate.
2. Select the created certificate, select Enable Client Authentication, and click OK.
Call the API.

Use the API test tool to call the API. If the status code is 200, the API is successfully called. Otherwise, rectify the fault by following the instructions provided in "Published API Calling" > "Error Codes" in the API Gateway User Guide.

You need to configure the client certificate when accessing APIs.

If Postman is used to call APIs, you need to add client certificates to Certificates in Setting and upload the client certificates and key.