Subscribe to Email Updates

    Settings encryption | 2 min read

    Enable SSL Certificate Container accessible on S3 Protocol


     Written by Jessica Delage

    By default, the Containers are accessible on S3 with HTTP protocol. You can add a SSL Certificate to allow data encryption.

    There are multiple types of certificates that can be used to enable SSL.

    1. Self-Signed Certificate

    Preamble

    We consider in this example the following parameters 

    • Certificate validity period of key SSL is 365 days
    • Private key file name is "private.key"
    • Certificate file name is "public.crt"

    1. Creation of the self-signed certificate 


    [root@nodeum]# cd /root/.minio/certs/ 
    [root@nodeum certs]# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out public.crt 
    Generating a RSA private key ..........+++++ 
    ..................................................................................................................+++++ 
    writing new private key to '/root/.minio/certs/private.key' ---- 
    You are about to be asked to enter information that will be incorporated into your certificate request. 
    What you are about to enter is what is called a Distinguished Name or a DN. 
    There are quite a few fields but you can leave some blank 
    For some fields there will be a default value, If you enter '.', the field will be left blank. 
    ---- 
    Country Name (2 letter code) [AU]:US 
    State or Province Name (full name) [Some-State]:California
    Locality Name (eg, city) []:Newyork 
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Webdock 
    Organizational Unit Name (eg, section) []:IT 
    Common Name (e.g. server FQDN or YOUR name) []:site1.example.com 
    Email Address []:admin@example.com 
    Please enter the following 'extra' attributes to be sent with your certificate request 
    A challenge password []: 
    An optional company name []: 
    [root@nodeum certs]#

    Once done, it's required to restart the MINIO service :

    [root@nodeum certs]# systemctl restart minio

    You need to change the following configuration file /root/.mc/config.json and there change the URL of localminio configuration from http to https.

    [root@nodeum]# vi /root/.mc/config.json
    [root@nodeum .mc]# vi nodeum.conf 
    ... 
    "localminio": {
                  "url": "https://127.0.0.1:9000",
                  "accessKey": "6aIo3CBHhKa35stGKAME",
                  "secretKey": "lFRHd0MixbrrrMXESMjsqLfGHLl2KmJ419fCrUww",
                  "api": "S3v4",
                  "path": "auto"
                  },
    ... 
    [root@nodeum .mc]#

    Then you can test the configuration in using the mc admin command :

    [root@nodeum]#sudo mc admin user info localminio user1 --insecure
    AccessKey: user1
    Status: enabled
    PolicyName:
    MemberOf:
    [root@nodeum .mc]#

     

     

    Related Categories

    Settings encryption

    You may also like:

    Workflow Settings Best Practice

    Primary Storage

    Definition Primary storage is the type of storage and technologies used to store and retain digital information that is ...

    Settings encryption

    Add a SSL Certificate on Web Console Administration

    By default, the Web Console Administration is accessible on HTTP. You can add a SSL Certificate to the Web Console Admin...

    Settings encryption S3

    Setup SSE to encrypt S3 Buckets

    Description S3 connector is compatible with the Server-side encryption. This encryption solution is about protecting dat...

    Let Us Know What You Thought about this Post.

    Put your Comment Below.

    Learn and grow with award-winning support and a thriving community behind you.
    Get the free version

    Contact Us

    HQ Office

    +32 4 264 03 94

    sales@nodeum.io

    US Sales Office

    +1 415 366 6640

    sales@nodeum.io
    TALK TO A SPECIALIST
    Nodeum © 2022. All right reserved.
    Privacy Policy