Configure your IBM® Event Endpoint Management
instance (Manager) to be registered as an Event Gateway Service in API Connect.
Before you begin
Before you register the Event Gateway Service, configure the Event Endpoint Management instance
to trust
API Connect.
Download the Ingress CA and retrieve the Platform API endpoint from the
Download
Configuration tab in the
Event Gateway section under the
Gateway tile on the IBM Cloud Manager home page.
- The Ingress CA certificate is required for Event Endpoint Management to trust API Connect.
-
The Platform API endpoint is required to create the API Connect
jwksUrl endpoint.
For instructions, see the Retrieve the API Connect JSON Web Key Set (JWKS) endpoint,
Configure Event Endpoint Management to trust API Connect, and Enabling mutual
TLS sections in the Configure an Event Endpoint Management Manager as an Event Gateway
Service documentation.
- Obtain certificates for a TLS Client profile.
- In your Event Management instance, locate the secret named
<event-manager-instance-name>-ibm-eem-manager.Note: If you provided your own
certificate in a secret when you
configured TLS for Event Manager, use that secret instead of
<event-manager-instance-name>-ibm-eem-manager.
- Copy the ca.crt and save it in a file called cluster-ca.pem
- Copy the tls.crt and save it in a file called manager-client.pem
- Copy the tls.key and save it in a file called manager-client-key.pem
For more information see Obtain Certificates for a TLS Client Profile
About this task
Event Endpoint Management lets you describe and catalog Kafka topics as event sources and grant access to application developers in your
organization. Application developers can discover event endpoints and configure their applications to access them through the
event gateway. With Event Endpoint Management, they can control access to the event endpoints and
manage the data that is produced to or consumed from them.
For more information on Event Endpoint Management, see the Event Endpoint Management introduction in the IBM
Event Automation documentation.
Procedure
- Login to V12 Reserved administration console.
- To set up a truststore with CA certificates, complete the following steps:
- On the home page, click the TLS tile .
- In the Truststores section, click Create.
- On the Create Truststore page, enter a Title for the
truststore.
- Upload your
cluster-ca.pem created in Before you begin section.
- Click Save.
- To set up a keystore with the client key and the client certificates, complete the
following steps:
- On the home page, click the TLS tile .
- In the Keystores section, click Create.
- On the Create keystore page, provide a Title for the
keystore.
- In the Step 1: Upload private key section, upload the
manager-client-key.pem file that you created in Before you begin section.
- In the Step 2: Upload public key section, upload the
manager-client.pem file that you created in Before you begin section.
- Click Save.
- To set up a TLS client profile with a matching keystore and truststore, complete the
following steps:
- On the home page, click the TLS tile .
- In the TLS Client Profile section, click
Create.
- On the Create TLS Client Profile page, provide a
Title for the TLS client profile.
- Under Server connection, select Allow insecure server
connections.
- In the Keystore/truststore section, click Keystore
and select the keystore containing the client certificate and the private key.
- Click Truststore and select the truststore containing the CA
certificates.
- Click Save.
- To register Event Gateway, complete the following steps:
- On the home page, click the Gateways tile.
- On the Gateways page, click Register event
gateway.
- On the Configure event gateway page, fill in the required fields. The
following table describes each field.
Table 1. Register remote gateway
| Field |
Description |
| Gateway details |
Provide the basic information that describes the new gateway. You must provide a
Gateway type, and Title. The Name is generated from the
title, for use in commands and API calls. |
| Management endpoint configuration: URL of management endpoint |
Enter the Event Gateway management endpoint URL. For more information, see Retrieve the Event Gateway management endpoint. |
| Management endpoint configuration: TLS client profile |
Specify the TLS Client profile to use when contacting the event gateway through the
management endpoint. |
| API invocation endpoint: Base URL of API invocation endpoint |
Enter the Event Gateway client endpoint URL. For more information, see Retrieve the Event Gateway client endpoint. |
| API invocation endpoint: Server Name Indication (SNI) - Host |
Supports SNI (Server Name Indication) at the Base URL of API invocation
endpoint. The default hostname of '*' is required to allow all hosts. Note: To allow
requests from clients that don't support SNI, include a host name value of '*'.
|
| API invocation endpoint: Server Name Indication (SNI) - TLS server
profile |
The TLS server profile that supports the specified hostname for SNI.
The server profile that is selected here contains the server certificate that is presented to
callers of the APIs you publish on the gateway. By default this profile is set to default
TLS server profile shown as default in UI.
|
- Click Register.