update TLS docs to use new certgen tool

This commit is contained in:
Harshavardhana 2021-05-26 10:40:26 -07:00
parent 0e80b5fe63
commit 9773b16f6f

View File

@ -28,7 +28,7 @@ Copy the existing private key and public certificate to the `certs` directory. T
This section describes how to generate a self-signed certificate using various tools: This section describes how to generate a self-signed certificate using various tools:
* 3.1 [Use generate_cert.go to Generate a Certificate](#using-go) * 3.1 [Use certgen to Generate a Certificate](#using-go)
* 3.2 [Use OpenSSL to Generate a Certificate](#using-open-ssl) * 3.2 [Use OpenSSL to Generate a Certificate](#using-open-ssl)
* 3.3 [Use OpenSSL (with IP address) to Generate a Certificate](#using-open-ssl-with-ip) * 3.3 [Use OpenSSL (with IP address) to Generate a Certificate](#using-open-ssl-with-ip)
* 3.4 [Use GnuTLS (for Windows) to Generate a Certificate](#using-gnu-tls) * 3.4 [Use GnuTLS (for Windows) to Generate a Certificate](#using-gnu-tls)
@ -37,25 +37,23 @@ This section describes how to generate a self-signed certificate using various t
* MinIO only supports keys and certificates in PEM format on Linux and Windows. * MinIO only supports keys and certificates in PEM format on Linux and Windows.
* MinIO doesn't currently support PFX certificates. * MinIO doesn't currently support PFX certificates.
### <a name="using-go"></a>3.1 Use generate_cert.go to Generate a Certificate ### <a name="using-go"></a>3.1 Use `certgen` to Generate a Certificate
Download [`generate_cert.go`](https://golang.org/src/crypto/tls/generate_cert.go?m=text). Download [`certgen`](https://github.com/minio/certgen/releases/latest) for your specific operating system and platform.
`generate_cert.go` is a simple *Go* tool to generate self-signed certificates, and provides SAN certificates with DNS and IP entries: `certgen` is a simple *Go* tool to generate self-signed certificates, and provides SAN certificates with DNS and IP entries:
```sh ```sh
go run generate_cert.go -ca --host "10.10.0.3" ./certgen -ca -host "10.10.0.3,10.10.0.4,10.10.0.5"
``` ```
A response similar to this one should be displayed: A response similar to this one should be displayed:
``` ```
2018/11/21 10:16:18 wrote cert.pem 2018/11/21 10:16:18 wrote public.crt
2018/11/21 10:16:18 wrote key.pem 2018/11/21 10:16:18 wrote private.key
``` ```
Rename `cert.pem` to `public.crt` and `key.pem` to `private.key`.
### <a name="using-open-ssl"></a>3.2 Use OpenSSL to Generate a Certificate ### <a name="using-open-ssl"></a>3.2 Use OpenSSL to Generate a Certificate
Use one of the following methods to generate a certificate using `openssl`: Use one of the following methods to generate a certificate using `openssl`: