Links

Enable SSL Certificate Container accessible on S3 Protocol

By default, the Containers are accessible on S3 with HTTP protocol. You can add a SSL Certificate to allow data encryption.
There are multiple types of certificates that can be used to enable SSL.

Self-Signed Certificate

Preamble

We consider in this example the following parameters
  • Certificate validity period of key SSL is 365 days
  • Private key file name is "private.key"
  • Certificate file name is "public.crt"
  • Server IP address is "10.x.x.x"

Creation of the self-signed certificate

$ cd /root/.minio/certs/
$ sudo openssl11 req -x509 -newkey rsa:4096 -sha256 -days 365
-nodes -keyout ./private.key -out ./public.crt -subj "/CN=nodeum.domain.local" -
addext "
subjectAltName=DNS:nodeum.domain.local,DNS:localhost,IP:0.0.0.0,IP:127.0.0.1,
IP:10.x.x.x"
Generating a RSA private key
................................................................................++++
................................................................................++++
writing new private key to './private.key'
-----
Once done, it's required to restart the MINIO service :
$ systemctl restart minio
You need to change the following configuration file /root/.mc/config.json and there change the URL of localminio configuration from http to https.
$ vi /root/.mc/config.json
$ vi nodeum.conf
...
"localminio": {
             "url": "",
             "accessKey": "6aIo3CBHhKa35stGKAME",
            "secretKey": "lFRHd0MixbrrrMXESMjsqLfGHLl2KmJ419fCrUww",
             "api": "S3v4",
             "path": "auto"
             },
...
Then you can test the configuration in using the mc admin command :
$ sudo mc admin user info localminio user1 --insecure
AccessKey: user1
Status: enabled
PolicyName:
MemberOf:
Last modified 2mo ago