Subscribe to Email Updates

    Settings encryption | 2 min read

    Enable SSL Certificate Container accessible on S3 Protocol

    By default, the Containers are accessible on S3 with HTTP protocol. You can add a SSL Certificate to allow data encryption.

    There are multiple types of certificates that can be used to enable SSL.

    1. Self-Signed Certificate

    Preamble

    We consider in this example the following parameters 

    • Certificate validity period of key SSL is 365 days
    • Private key file name is "private.key"
    • Certificate file name is "public.crt"

    1. Creation of the self-signed certificate 


    [root@nodeum]# cd /root/.minio/certs/
    [root@nodeum certs]# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out public.crt
    Generating a RSA private key ..........+++++
    ..................................................................................................................+++++
    writing new private key to '/root/.minio/certs/private.key' ----
    You are about to be asked to enter information that will be incorporated into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value, If you enter '.', the field will be left blank.
    ----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:California
    Locality Name (eg, city) []:Newyork
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Webdock
    Organizational Unit Name (eg, section) []:IT
    Common Name (e.g. server FQDN or YOUR name) []:site1.example.com
    Email Address []:admin@example.com
    Please enter the following 'extra' attributes to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    [root@nodeum certs]#

    Once done, it's required to restart the MINIO service :

    [root@nodeum certs]# systemctl restart minio

    You need to change the following configuration file /root/.mc/config.json and there change the URL of localminio configuration from http to https.

    [root@nodeum]# vi /root/.mc/config.json
    [root@nodeum .mc]# vi nodeum.conf
    ...
    "localminio": {
                 "url": "https://127.0.0.1:9000",
                 "accessKey": "6aIo3CBHhKa35stGKAME",
                "secretKey": "lFRHd0MixbrrrMXESMjsqLfGHLl2KmJ419fCrUww",
                 "api": "S3v4",
                 "path": "auto"
                 },
    ...
    [root@nodeum .mc]#

    Then you can test the configuration in using the mc admin command :

    [root@nodeum]#sudo mc admin user info localminio user1 --insecure
    AccessKey: user1
    Status: enabled
    PolicyName:
    MemberOf:
    [root@nodeum .mc]#

     

     

    Related Categories

    Settings encryption

    You may also like:

    Workflow Settings Best Practice

    Primary Storage

    Definition Primary storage is the type of storage and technologies used to store and retain digital information that is ...

    Settings encryption

    Add a SSL Certificate on Web Console Administration

    By default, the Web Console Administration is accessible on HTTP. You can add a SSL Certificate to the Web Console Admin...

    Settings encryption S3

    Setup SSE to encrypt S3 Buckets

    Description S3 connector is compatible with the Server-side encryption. This encryption solution is about protecting dat...

    Let Us Know What You Thought about this Post.

    Put your Comment Below.

    Learn and grow with award-winning support and a thriving community behind you.

    Get the free version