But it took me a while to figure out. Therefore, I came up with a guide with screenshots.
In our lab scenario, we are using a Windows-based system.
Let's start the configuration.
1. Use GnuTLS. Download GnuTLS for Windows from here.
2. Set the system variable to include the path (under Environment Variables). For example, my GnuTLS was extracted to C:\Backup\gnutls-MinGW64.DLLs-gnutls_3_6_4\win64-build\bin
3. Use the command line to execute:
certtool.exe --generate-privkey --outfile private.key
Generating a 3072 bit RSA private key...
private.key is generated.
4. Create a cert.cnf file and put this entry:
# X.509 Certificate options
#
# DN options
# The organization of the subject.
organization = "Example Inc."
# The organizational unit of the subject.
#unit = "sleeping dept."
# The state of the certificate owner.
state = "Example"
# The country of the subject. Two letter code.
country = "EX"
# The common name of the certificate owner.
cn = "Sally Certowner"
# In how many days, counting from today, this certificate will expire.
expiration_days = 365
# X.509 v3 extensions
# DNS name(s) of the server
dns_name = "localhost"
# (Optional) Server IP address
ip_address = "127.0.0.1"
# Whether this certificate will be used for a TLS server
tls_www_server
5. Run:
certtool.exe --generate-self-signed --load-privkey private.key --template cert.cnf --outfile public.crt
It will create public.crt
Generating a self signed certificate...
X.509 Certificate Information:
Version: 3
Serial Number (hex): 59d89416fe9279c1e7967dd8c1ed165cc7a42587
Validity:
Not Before: Sat Oct 20 11:15:46 UTC 2018
Not After: Sun Oct 20 11:15:46 UTC 2019
Subject: C=MY,ST=Example,O=Example Inc.,CN=Lai
Subject Public Key Algorithm: RSA
Algorithm Security Level: High (3072 bits)
Modulus (bits 3072):
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
DNSname: localhost
IPAddress: 127.0.0.1
Key Purpose (not critical):
TLS WWW Server.
Key Usage (critical):
Key encipherment.
Subject Key Identifier (not critical):
9e5692715cd3badd71f601290ffcc1d2b7077877
Other Information:
Public Key ID:
sha1:9e5692715cd3badd71f601290ffcc1d2b7077877
sha256:02025e1f401f84b942285b470b21e33c3db90cf0c9a275e84dfe9f260ce866bc
Public Key PIN:
pin-sha256:AgJeH0AfhLlCKFtHCyHjPD25DPDJonXoTf6fJgzoZrw=
Signing certificate...
6. Copy private.key and public.crt into C:\Users\UserProfileName\.minio\certs
7. Final verification: execute "minio server C:\Backup\Minio" (the path depends on your folder).
Use Minio Client to verify.
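Before starting the server in step 7, it is worth confirming that the two files copied in step 6 belong together and that the certificate names the host clients will connect to. The PowerShell script below is an added example, not part of the original guide. It assumes certtool.exe is on the Path (step 2), that certtool prints "sha256:" and "DNSname:" lines in the same form as the step 5 output, and that $expectedHost (a placeholder) is set to the name your clients use.

```powershell
# Added example: pre-flight check of the files copied in step 6.
# Assumptions: certtool.exe is on the Path; certtool output contains
# "sha256:<hex>" and "DNSname: <name>" lines as in the step 5 output.
$certDir      = Join-Path $env:USERPROFILE '.minio\certs'
$keyFile      = Join-Path $certDir 'private.key'
$certFile     = Join-Path $certDir 'public.crt'
$expectedHost = 'localhost'   # placeholder: the name clients use to reach MinIO

function Get-PublicKeyId {
    param([string[]]$CerttoolOutput)
    # Pull the SHA-256 Public Key ID out of certtool's text output.
    foreach ($line in $CerttoolOutput) {
        if ($line -match '^\s*sha256:([0-9a-fA-F]{64})\s*$') { return $Matches[1].ToLower() }
    }
    throw 'No sha256 Public Key ID found in certtool output.'
}

# Both files must exist under these names in the certs folder.
foreach ($f in $keyFile, $certFile) {
    if (-not (Test-Path -LiteralPath $f -PathType Leaf)) { throw "Missing file: $f" }
}

# --pubkey-info prints only public-key details, so no private material is echoed.
$fromKey = & certtool.exe --pubkey-info --load-privkey $keyFile
if ($LASTEXITCODE -ne 0) { throw 'certtool could not read private.key' }
$fromCert = & certtool.exe --pubkey-info --load-certificate $certFile
if ($LASTEXITCODE -ne 0) { throw 'certtool could not read public.crt' }

# The same key pair yields the same Public Key ID from both files.
$keyId  = Get-PublicKeyId $fromKey
$certId = Get-PublicKeyId $fromCert
if ($keyId -ne $certId) {
    throw "private.key ($keyId) does not match public.crt ($certId)."
}

# A TLS client checks the name it connects to against the SAN entries.
$certInfo   = & certtool.exe --certificate-info --infile $certFile
$sanPattern = '^\s*DNSname:\s*' + [regex]::Escape($expectedHost) + '\s*$'
if (-not ($certInfo | Where-Object { $_ -match $sanPattern })) {
    throw "public.crt has no DNSname entry for '$expectedHost'."
}

Write-Output "OK: key and certificate match ($keyId); SAN covers $expectedHost."
```

Because the certificate is self-signed, a client still has to be given public.crt as a trusted certificate before it will accept the connection.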
Hope this helps!
Note: Information referenced from https://docs.min.io/docs/how-to-secure-access-to-minio-server-with-tls.html