|
|
|
@ -23,19 +23,27 @@ You need to download [generate_cert.go](https://golang.org/src/crypto/tls/genera |
|
|
|
|
`generate_cert.go` already provides SAN certificates with DNS and IP entries: |
|
|
|
|
|
|
|
|
|
```sh |
|
|
|
|
go run generate_cert.go -ca --host "10.10.0.3" |
|
|
|
|
|
|
|
|
|
go run generate_cert.go -ca --host "10.10.0.3" |
|
|
|
|
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
#### With OpenSSL: |
|
|
|
|
|
|
|
|
|
Generate the private key: |
|
|
|
|
|
|
|
|
|
```sh |
|
|
|
|
|
|
|
|
|
openssl genrsa -out private.key 1024 |
|
|
|
|
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
Generate the self-signed certificate: |
|
|
|
|
|
|
|
|
|
```sh |
|
|
|
|
|
|
|
|
|
openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=country/ST=state/L=location/O=organization/CN=domain" |
|
|
|
|
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
### Windows |
|
|
|
@ -47,8 +55,11 @@ Minio only supports key/certificate in PEM format on Windows. Currently we do no |
|
|
|
|
Download and decompress the Windows version of GnuTLS from [here](http://www.gnutls.org/download.html) |
|
|
|
|
|
|
|
|
|
Make sure to add extracted GnuTLS binary path to your system path. |
|
|
|
|
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
setx path "%path%;C:\Users\MyUser\Downloads\gnutls-3.4.9-w64\bin" |
|
|
|
|
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
You may need to restart your powershell console for this to take affect. |
|
|
|
@ -56,8 +67,11 @@ You may need to restart your powershell console for this to take affect. |
|
|
|
|
#### Generate private.key |
|
|
|
|
|
|
|
|
|
Run the following command to create `private.key` |
|
|
|
|
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
certtool.exe --generate-privkey --outfile private.key |
|
|
|
|
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
#### Generate public.crt |
|
|
|
@ -105,8 +119,11 @@ encryption_key |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
Generate public certificate |
|
|
|
|
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
certtool.exe --generate-self-signed --load-privkey private.key --template cert.cnf --outfile public.crt |
|
|
|
|
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
## 3. Configure Minio with the generated certificate |
|
|
|
|