minio/docs/configure-minio-with-tls.md

# How to secure access to your Minio server with TLS [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/minio/minio?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)

In this document, we will show how to configure your Minio servers with TLS certificates. Steps for Windows could be found [here](https://github.com/minio/minio/blob/master/docs/configure-minio-with-gnutls-windows.md).

## 1. Prerequisites

* Download Minio server from [here](https://docs.minio.io/docs/minio)

## 2. Generate TLS certificate

Minio supports only key/certificate in PEM format. 

### With Letsencrypt

Please explore [here](https://docs.minio.io/docs/generate-let-s-encypt-certificate-using-concert-for-minio)

### With generate_cert.go (self-signed certificate)

You need to download [generate_cert.go](https://golang.org/src/crypto/tls/generate_cert.go?m=text) which is a simple go tool for generating self-signed certificates but works for the most of cases.

`generate_cert.go` already provides SAN certificates with DNS and IP entries:

```sh
  go run generate_cert.go -ca --host "10.10.0.3"
```

### With OpenSSL:

Generate the private key:
```sh
openssl genrsa -out private.key 1024
```

Generate the self-signed certificate:
```sh
openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=country/ST=state/L=location/O=organization/CN=domain"
```

## 3. Configure Minio with the generated certificate

To make Minio aware about your generated key and certificate, you will need to put them under `certs` directory in your Minio config path (usually ~/.minio) using the names of `private.key` and `public.crt` for key and certificate files respectively.

## 4. Install third parties CAs

Minio can be configured to connect to other servers, whether Minio nodes or servers like NATs, Redis. If these servers use certificates that are not registered in one of the known certificates authorities, you can make Minio server trust these CAs by dropping these certificates under `~/.minio/certs/CAs/` in your Minio config path.

# Explore Further
* [Minio Quickstart Guide](https://docs.minio.io/docs/minio-quickstart-guide)
* [Minio Client Complete Guide](https://docs.minio.io/docs/minio-client-complete-guide)
Add support of user self signed certificates Additionally add documentation about how to configure TLS with Minio 2016-11-11 10:18:44 -05:00			`# How to secure access to your Minio server with TLS [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/minio/minio?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)`

Add GnuTLS config documentation for Windows (#3285) 2016-11-18 15:03:23 -05:00			`In this document, we will show how to configure your Minio servers with TLS certificates. Steps for Windows could be found [here](https://github.com/minio/minio/blob/master/docs/configure-minio-with-gnutls-windows.md).`
Add support of user self signed certificates Additionally add documentation about how to configure TLS with Minio 2016-11-11 10:18:44 -05:00
			`## 1. Prerequisites`

			`* Download Minio server from [here](https://docs.minio.io/docs/minio)`

			`## 2. Generate TLS certificate`

			`Minio supports only key/certificate in PEM format.`

			`### With Letsencrypt`

			`Please explore [here](https://docs.minio.io/docs/generate-let-s-encypt-certificate-using-concert-for-minio)`

			`### With generate_cert.go (self-signed certificate)`

			`You need to download [generate_cert.go](https://golang.org/src/crypto/tls/generate_cert.go?m=text) which is a simple go tool for generating self-signed certificates but works for the most of cases.`

			`generate_cert.go` already provides SAN certificates with DNS and IP entries:

			```sh
			`go run generate_cert.go -ca --host "10.10.0.3"`
			```

			`### With OpenSSL:`

			`Generate the private key:`
			```sh
			`openssl genrsa -out private.key 1024`
			```

			`Generate the self-signed certificate:`
			```sh
			`openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=country/ST=state/L=location/O=organization/CN=domain"`
			```

			`## 3. Configure Minio with the generated certificate`

			To make Minio aware about your generated key and certificate, you will need to put them under `certs` directory in your Minio config path (usually ~/.minio) using the names of `private.key` and `public.crt` for key and certificate files respectively.

			`## 4. Install third parties CAs`

Fix spelling and golint errors. (#3266) Fixes #3263 2016-11-15 21:14:23 -05:00			Minio can be configured to connect to other servers, whether Minio nodes or servers like NATs, Redis. If these servers use certificates that are not registered in one of the known certificates authorities, you can make Minio server trust these CAs by dropping these certificates under `~/.minio/certs/CAs/` in your Minio config path.
Add support of user self signed certificates Additionally add documentation about how to configure TLS with Minio 2016-11-11 10:18:44 -05:00
			`# Explore Further`
			`* [Minio Quickstart Guide](https://docs.minio.io/docs/minio-quickstart-guide)`
			`* [Minio Client Complete Guide](https://docs.minio.io/docs/minio-client-complete-guide)`