---
title: "(Optional) Apigee agent TLS configuration"
slug: "apigee-tls"
updated: 2023-04-14T08:12:31Z
published: 2023-04-14T08:12:31Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://traceabledocs.document360.io/llms.txt
> Use this file to discover all available pages before exploring further.

# (Optional) Apigee agent TLS configuration

You can configure TLS communication between Traceable's Apigee agent and Traceable's Platform agent. Make a note of the following points before you begin:

- Make sure that Traceable Platform agent's TLS is already set up. Configure the following in your Traceable Platform agent's `values.yaml` or `agentconfig.yaml`file (as per your deployment method) for setting up TLS:YAMLYAML 

```yaml
tls_server:
  key_file: "domain.key"
  cert_file: "domain.crt"
  root_cert_file: "root_ca.crt"
```

You can generate a root CA certificate by following the script documented in[this topic](/docs/generate-self-signed-certificate).
- Make sure that Apigee agent is set up. For more information, see [Apigee - Cloud deployment](/docs/apigee-cloud-deployment).

### Steps

Complete the following steps to configure TLS in Apigee:

1. Log into your Apigee platform and navigate to Keystore settings under **Admin → Environments → TLS Keystores**.![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_apigee_keystore.png)
2. Click on the **+ Keystore** button as shown above to create a new Keystore.
3. Create a new alias by selecting **Certificate Only** option. Provide the `root_ca.crt` corresponding to the certificate used to set up Traceable Platform agent.![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_apigee_new_alias.png)
4. Navigate to **Admin → Environments → References**.
5. Create a new reference that points to the Keystore that you have created.![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_apigee_create_reference.png)
6. Navigate to **Develop → SharedFlows → traceable-sharedflow**.
7. Navigate to **ExportSpansJS**and:
  1. Set `SSLEnabled` to `true`
  2. Change the Truststore element to the reference created above in `ref://&lt;name of your reference&gt;` format.![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_apigee_change_reference.png)
8. Update your ExportSpanJS to enable TLS and then save and deploy the new version to SharedFlow.