# Enable SSL Certificate Container accessible on S3 Protocol

Containers on S3 are accessible via HTTP by default. To enable data encryption, you can add an SSL Certificate. 

### Self-Signed Certificate

#### **Preamble**

We consider in this example the following parameters 

* Certificate validity period of key SSL is **365 days**
* Private key file name is **"private.key"**
* Certificate file name is **"public.crt"**
* Server IP address is **"10.x.x.x"**

#### **Creation of the self-signed certificate**

```bash
$ cd /root/.minio/certs/ 
$ sudo openssl11 req -x509 -newkey rsa:4096 -sha256 -days 365 
-nodes -keyout ./private.key -out ./public.crt -subj "/CN=nodeum.domain.local" -
addext "
subjectAltName=DNS:nodeum.domain.local,DNS:localhost,IP:0.0.0.0,IP:127.0.0.1,
IP:10.x.x.x"
Generating a RSA private key
................................................................................++++
................................................................................++++
writing new private key to './private.key'
-----
```

Once done, it's required to restart the MINIO service :

<pre class="language-bash"><code class="lang-bash"><strong>$ systemctl restart minio
</strong></code></pre>

After restarting the Minio service, use this command to verify that the API and Console are secured with HTTPS.

{% code fullWidth="false" %}

```bash
$ systemctl status minio
● minio.service - MinIO
   Loaded: loaded (/etc/systemd/system/minio.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2026-04-16 06:56:26 UTC; 29s ago
     Docs: https://docs.min.io
  Process: 1569639 ExecStartPre=/bin/bash -c for i in {1..15}; do grep -qs "/mnt/FUSE " /proc/mounts && exit 0; sleep 1; done; echo "FUSE is not mounted after 15 seconds"; exit 1 (code=exited, status=0/SUCCESS)
 Main PID: 1569642 (minio)
    Tasks: 53 (limit: 203232)
   Memory: 54.0M
   CGroup: /system.slice/minio.service
           └─1569642 /usr/bin/minio gateway nas /mnt/FUSE

Apr 16 06:56:26 nodeum systemd[1]: Starting MinIO...
Apr 16 06:56:26 nodeum systemd[1]: Started MinIO.
Apr 16 06:56:26 nodeum minio[1569642]: Finished loading IAM sub-system (took 0.0s of 0.0s to load data).
Apr 16 06:56:26 nodeum minio[1569642]: API: https://nodeum:9000
Apr 16 06:56:26 nodeum minio[1569642]: Console: https://nodeum:9001
Apr 16 06:56:26 nodeum minio[1569642]: Documentation: https://docs.min.io
Apr 16 06:56:26 nodeum minio[1569642]: ===================================================================================
Apr 16 06:56:26 nodeum minio[1569642]: **** WARNING: MinIO Gateway will be removed by June 1st from MinIO repository *****
Apr 16 06:56:26 nodeum minio[1569642]: Please read https://github.com/minio/minio/issues/14331
Apr 16 06:56:26 nodeum minio[1569642]: ===================================================================================
```

{% endcode %}

Ensure that 'https' appears in these lines:

```
Apr 16 06:56:26 nodeum minio[1569642]: Console: https://nodeum:9001
Apr 16 06:56:26 nodeum minio[1569642]: Documentation: https://docs.min.io
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.nodeum.io/security-guide/enable-ssl-certificate-container-accessible-on-s3-protocol.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.