From 4a926d19a736a21cf17195e83088ec798373b01e Mon Sep 17 00:00:00 2001 From: Anis Elleuch Date: Fri, 18 Nov 2016 21:03:23 +0100 Subject: [PATCH] Add GnuTLS config documentation for Windows (#3285) --- docs/configure-minio-with-gnutls-windows.md | 68 +++++++++++++++++++++ docs/configure-minio-with-tls.md | 2 +- 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 docs/configure-minio-with-gnutls-windows.md diff --git a/docs/configure-minio-with-gnutls-windows.md b/docs/configure-minio-with-gnutls-windows.md new file mode 100644 index 000000000..b397e30d8 --- /dev/null +++ b/docs/configure-minio-with-gnutls-windows.md @@ -0,0 +1,68 @@ + +# Generate self signed certificate with GnuTLS under Windows + + +## 1. Install GnuTLS + +Download and decompress the Windows version of GnuTLS from [here](http://www.gnutls.org/download.html) + +Add the directory `gnutls-3.4.9-w64/bin` to your PATH environment and restart your console + +## 2. Generate private.key + +Run the following command to create `private.key` +``` +certtool.exe --generate-privkey --outfile private.key +``` + +## 3. Generate public.crt + +The easiest way is to generate certificate is to specify its information under a file. You can find an example below. We'll call that file `cert.cnf`. + +``` +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Example Inc." + +# The organizational unit of the subject. +#unit = "sleeping dept." + +# The state of the certificate owner. +state = "Example" + +# The country of the subject. Two letter code. +country = "EX" + +# The common name of the certificate owner. +cn = "Sally Certowner" + +# In how many days, counting from today, this certificate will expire. +expiration_days = 365 + +# X.509 v3 extensions + +# DNS name(s) of the server +dns_name = "localhost" + +# (Optional) Server IP address +ip_address = "127.0.0.1" + +# Whether this certificate will be used for a TLS server +tls_www_server + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +encryption_key +``` + +Now, it is time to generate the public certificate using this command: + +```sh +certtool.exe --generate-self-signed --load-privkey private.key --template cert.cnf --outfile public.crt +``` + +That's it. diff --git a/docs/configure-minio-with-tls.md b/docs/configure-minio-with-tls.md index fcdeddb57..2ba9d872b 100644 --- a/docs/configure-minio-with-tls.md +++ b/docs/configure-minio-with-tls.md @@ -1,6 +1,6 @@ # How to secure access to your Minio server with TLS [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/minio/minio?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) -In this document, we will show how to configure your Minio servers with TLS certificates. +In this document, we will show how to configure your Minio servers with TLS certificates. Steps for Windows could be found [here](https://github.com/minio/minio/blob/master/docs/configure-minio-with-gnutls-windows.md). ## 1. Prerequisites