Subscribe to Email Updates

    Settings encryption | 2 min read

    Enable SSL Certificate Container accessible on S3 Protocol

    By default, the Containers are accessible on S3 with HTTP protocol. You can add a SSL Certificate to allow data encryption.

    There are multiple types of certificates that can be used to enable SSL.

    1. Self-Signed Certificate

    Preamble

    We consider in this example the following parameters 

    • Certificate validity period of key SSL is 365 days
    • Private key file name is "private.key"
    • Certificate file name is "public.crt"
    • Server IP address is "10.x.x.x"

    1. Creation of the self-signed certificate 


    [root@nodeum]# cd /root/.minio/certs/
    [root@nodeum certs]# sudo openssl11 req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -keyout ./private.key -out ./public.crt -subj "/CN=nodeum.domain.local" -addext "subjectAltName=DNS:nodeum.domain.local,DNS:localhost,IP:0.0.0.0,IP:127.0.0.1,IP:10.x.x.x"
    Generating a RSA private key
    ....................................................................................................................................................................................................................................................................................................................................++++
    ........................................................................................................................++++
    writing new private key to './private.key'
    -----
    [root@nodeum certs]#

    Once done, it's required to restart the MINIO service :

    [root@nodeum certs]# systemctl restart minio

    You need to change the following configuration file /root/.mc/config.json and there change the URL of localminio configuration from http to https.

    [root@nodeum]# vi /root/.mc/config.json
    [root@nodeum .mc]# vi nodeum.conf
    ...
    "localminio": {
                 "url": "https://127.0.0.1:9000",
                 "accessKey": "6aIo3CBHhKa35stGKAME",
                "secretKey": "lFRHd0MixbrrrMXESMjsqLfGHLl2KmJ419fCrUww",
                 "api": "S3v4",
                 "path": "auto"
                 },
    ...
    [root@nodeum .mc]#

    Then you can test the configuration in using the mc admin command :

    [root@nodeum]#sudo mc admin user info localminio user1 --insecure
    AccessKey: user1
    Status: enabled
    PolicyName:
    MemberOf:
    [root@nodeum .mc]#

     

     

    Related Categories

    Settings encryption

    You may also like:

    Workflow Settings Best Practice

    Primary Storage

    Definition Primary storage is the type of storage and technologies used to store and retain digital information that is ...

    Settings encryption

    Add a SSL Certificate on Web Console

    By default, the Web Console is accessible on HTTP. Nodeum allows the configuration of its Web Console with SSL Certifica...

    Settings encryption S3

    Setup SSE to encrypt S3 Buckets

    Description S3 connector is compatible with the Server-side encryption. This encryption solution is about protecting dat...

    Let Us Know What You Thought about this Post.

    Put your Comment Below.

    Learn and grow with award-winning support and a thriving community behind you.

    Get the free version