Enable SSL Certificate Container accessible on S3 Protocol

By default, the Containers are accessible on S3 with HTTP protocol. You can add a SSL Certificate to allow data encryption.

There are multiple types of certificates that can be used to enable SSL.

Self-Signed Certificate

Preamble

We consider in this example the following parameters

Certificate validity period of key SSL is 365 days
Private key file name is "private.key"
Certificate file name is "public.crt"
Server IP address is "10.x.x.x"

Creation of the self-signed certificate

$ cd /root/.minio/certs/ 
$ sudo openssl11 req -x509 -newkey rsa:4096 -sha256 -days 365 
-nodes -keyout ./private.key -out ./public.crt -subj "/CN=nodeum.domain.local" -
addext "
subjectAltName=DNS:nodeum.domain.local,DNS:localhost,IP:0.0.0.0,IP:127.0.0.1,
IP:10.x.x.x"
Generating a RSA private key
................................................................................++++
................................................................................++++
writing new private key to './private.key'
-----

Once done, it's required to restart the MINIO service :

$ systemctl restart minio

You need to change the following configuration file /root/.mc/config.json and there change the URL of localminio configuration from http to https.

$ vi /root/.mc/config.json
$ vi nodeum.conf 
... 
"localminio": {
              "url": "",
              "accessKey": "6aIo3CBHhKa35stGKAME",
              "secretKey": "lFRHd0MixbrrrMXESMjsqLfGHLl2KmJ419fCrUww",
              "api": "S3v4",
              "path": "auto"
              },
...

Then you can test the configuration in using the mc admin command :

$ sudo mc admin user info localminio user1 --insecure
AccessKey: user1
Status: enabled
PolicyName:
MemberOf:

Last updated 2 years ago

Was this helpful?

hashtagSelf-Signed Certificate

hashtagPreamble

hashtagCreation of the self-signed certificate

Self-Signed Certificate

Preamble

Creation of the self-signed certificate