MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-01-22 20:23:14 -05:00
Code Issues Packages Projects Releases Wiki Activity

doc: Explain how to create certificate chain file (#4032)

Browse Source 
public.crt needs sometimes to have a chain certificate, this PR
explains how to construct public.crt when certificate are issued
by a certificate authority.
This commit is contained in:
Anis Elleuch 2017-04-02 12:47:56 +01:00 committed by Harshavardhana
parent 214279aa57
commit e31e2c3bc2
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
docs/tls/README.md
View File

@ -6,7 +6,13 @@ In this document, we will configure Minio servers with TLS certificates for both
* Download Minio server from [here](https://docs.minio.io/docs/minio-quickstart-guide) * Download Minio server from [here](https://docs.minio.io/docs/minio-quickstart-guide)
## 2. Generate TLS certificate ## 2. Configure with existing certificates
Assuming that you are already having private and public certificates, you will need to copy them under `certs` in your Minio config directory using the names `private.key` and `public.crt` for key and public certificates respectively.
If the certificate is signed by a certificate authority, `public.crt` should be the concatenation of the server's certificate, any intermediates, and the CA's root certificate.
## 3. Generate certificates
### Linux ### Linux
@ -31,7 +37,7 @@ go run generate_cert.go -ca --host "10.10.0.3"
Generate the private key: Generate the private key:
```sh ```sh
openssl genrsa -out private.key 1024 openssl genrsa -out private.key 2048
``` ```
Generate the self-signed certificate: Generate the self-signed certificate:
@ -114,10 +120,6 @@ Generate public certificate
certtool.exe --generate-self-signed --load-privkey private.key --template cert.cnf --outfile public.crt certtool.exe --generate-self-signed --load-privkey private.key --template cert.cnf --outfile public.crt
``` ```
## 3. Configure Minio with the generated certificate
Copy the generated key and certificate under `certs` in your Minio config path (by default in your HOME directory `~/.minio` on Linux or `C:\Users\<Username>\.minio` on Windows) using the names `private.key` and `public.crt` for key and certificate files respectively.
## 4. Install third-party CAs ## 4. Install third-party CAs
Minio can be configured to connect to other servers, whether Minio nodes or servers like NATs, Redis. If these servers use certificates that are not registered in one of the known certificates authorities, you can make Minio server trust these CAs by dropping these certificates under Minio config path (`~/.minio/certs/CAs/` on Linux or `C:\Users\<Username>\.minio\certs\CAs` on Windows). Minio can be configured to connect to other servers, whether Minio nodes or servers like NATs, Redis. If these servers use certificates that are not registered in one of the known certificates authorities, you can make Minio server trust these CAs by dropping these certificates under Minio config path (`~/.minio/certs/CAs/` on Linux or `C:\Users\<Username>\.minio\certs\CAs` on Windows).