Search This Blog

Saturday, October 20, 2018

Create Self Signed Certicate to Use For Minio

By default minio is using http. To configure minio to use TLS, you need to create a self signed certificate. Original post is taken from here:- https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls.html

But it take me a while to figure out. Therefore, i come out a guide with screenshot.

In our lab scenario, we are using Windows based system.

Let start the configuration
1. Use GnuTLS. Download GNUTLS for Windows from here.
2. Set the system variable to include the path.[Under environment variable] Example my GNUTLS has extracted to C:\Backup\gnutls-MinGW64.DLLs-gnutls_3_6_4\win64-build\bin

3.Use command line to execute:-
certtool.exe --generate-privkey --outfile private.key
Generating a 3072 bit RSA private key...

private.key is generated.

4. Create a cert.cnf file and put this entry:

# X.509 Certificate options
#
# DN options

# The organization of the subject.
organization = "Example Inc."

# The organizational unit of the subject.
#unit = "sleeping dept."

# The state of the certificate owner.
state = "Example"

# The country of the subject. Two letter code.
country = "MY"

# The common name of the certificate owner.
cn = "Lai"

# In how many days, counting from today, this certificate will expire.
expiration_days = 365

# X.509 v3 extensions

# DNS name(s) of the server
dns_name = "localhost"

# (Optional) Server IP address
ip_address = "127.0.0.1"

# Whether this certificate will be used for a TLS server
tls_www_server

# Whether this certificate will be used to encrypt data (needed
# in TLS RSA cipher suites). Note that it is preferred to use different
# keys for encryption and signing.
encryption_key
5. Run

certtool.exe --generate-self-signed --load-privkey private.key --template cert.cnf --outfile public.crt
It will create public.crt
Generating a self signed certificate...
X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 59d89416fe9279c1e7967dd8c1ed165cc7a42587
        Validity:
                Not Before: Sat Oct 20 11:15:46 UTC 2018
                Not After: Sun Oct 20 11:15:46 UTC 2019
        Subject: C=MY,ST=Example,O=Example Inc.,CN=Lai
        Subject Public Key Algorithm: RSA
        Algorithm Security Level: High (3072 bits)
                Modulus (bits 3072):
                        00:dc:76:f5:e4:0e:bd:d4:42:14:07:e3:c5:19:82:81
                        4a:61:ee:8a:2a:76:49:81:c1:be:c8:ee:ff:89:9d:51
                        05:df:ac:cb:06:38:45:bb:87:e1:49:e8:5b:35:e7:4e
                        6e:7d:b4:b5:2a:91:83:10:2d:23:2e:01:06:49:73:fd
                        c9:29:6f:23:70:61:2c:5c:d4:0e:56:a3:f1:ca:bc:cb
                        c8:aa:c0:8b:02:43:45:91:d2:49:ac:1a:63:f3:22:f2
                        a8:ec:06:21:ef:db:fb:46:d3:a0:24:bf:f7:b2:63:0c
                        6c:ec:74:4d:8a:6a:60:a9:ad:a2:83:4e:2d:72:bb:71
                        df:5d:3f:dd:ec:2f:ba:d8:5f:e3:19:9b:38:09:8d:63
                        15:23:4f:69:2a:25:56:b0:21:ba:97:65:9b:5f:8e:27
                        a3:4a:1e:ef:5b:9d:3b:cc:a9:d1:94:dc:c7:a5:14:6c
                        90:cd:bc:08:4a:79:ce:e2:35:36:94:dc:0d:ba:b2:b5
                        8d:4b:a7:58:82:04:17:c5:aa:47:d6:19:32:b1:60:b3
                        a7:35:c9:c3:9f:6b:60:be:c5:ef:60:91:61:3c:22:d5
                        b1:6e:3e:28:ca:61:f6:8c:1e:59:e1:c8:f1:ce:6f:b8
                        aa:51:fc:db:92:01:63:80:3f:ee:a3:1e:00:76:2d:47
                        ef:16:8f:6c:f6:f6:e1:74:e7:b3:45:26:6f:1f:73:6d
                        4b:36:23:66:6b:5a:b9:57:b5:47:ca:61:1b:3b:7e:57
                        58:26:b1:b6:e9:07:7f:ec:60:1f:21:2e:7c:38:e6:23
                        39:cf:aa:87:53:75:f0:c1:3b:82:19:a4:e2:48:48:3d
                        8d:65:f7:da:67:4a:16:1e:6e:52:5b:f7:1f:11:ff:c0
                        c3:53:d0:94:64:75:ba:a8:99:7b:35:20:6a:34:e0:d0
                        95:b7:45:7c:13:44:51:7a:78:1c:10:b1:73:d9:92:7e
                        a9:1a:4c:c2:fa:85:1e:3e:22:a6:a6:d1:af:6e:80:ef
                        eb
                Exponent (bits 24):
                        01:00:01
        Extensions:
                Basic Constraints (critical):
                        Certificate Authority (CA): FALSE
                Subject Alternative Name (not critical):
                        DNSname: localhost
                        IPAddress: 127.0.0.1
                Key Purpose (not critical):
                        TLS WWW Server.
                Key Usage (critical):
                        Key encipherment.
                Subject Key Identifier (not critical):
                        9e5692715cd3badd71f601290ffcc1d2b7077877
Other Information:
        Public Key ID:
                sha1:9e5692715cd3badd71f601290ffcc1d2b7077877
                sha256:02025e1f401f84b942285b470b21e33c3db90cf0c9a275e84dfe9f260ce866bc
        Public Key PIN:
                pin-sha256:AgJeH0AfhLlCKFtHCyHjPD25DPDJonXoTf6fJgzoZrw=

Signing certificate...

6. Copy private.key and public.crt and put into C:\Users\UserProfileName\.minio\certs

7. Final verification, execute "minio sever C:\Backup\Minio [depend on your folder]


use Minio Client to verify:


Hope this help!

4 comments:

  1. Uno de los estilos más populares hechos por mk hoy es el Bolsos Michael Kors Rebajas. El Bolsos Michael Kors Baratos es un estilo clásico y funcional que las mujeres aman. Bolsas Michael Kors Outlet de materiales de calidad con artesanía detallada. Con todas estas ventajas, no es de extrañar que los bolsos michael kors baratos sean tan populares. Este bolsos michael kors rebajas es un bolso estilo embrague que es más tradicional en su diseño.

    Denna MK Väska kan bära böcker om du är en student och alla dina hemma arbeten om du har gått in i arbetslivet. Michael Kors Väska Rea gör också en påse stil väska och en swing stil. Väskor Michael Kors Rea har utökat sin linje för att inkludera en mängd tillbehör som inkluderar plånböcker, nyckelkedjor, kortväskor, checkbooköverdrag och kameratäckar. michael kors väska rea erbjuder också en fransk handväska och mini plånbok. michael kors väska har blivit känd som en kvalitetsdesigner som tillverkar en kvalitetsprodukt.

    Posséder un Longchamp Soldes Destockage n'est pas simplement une déclaration de mode. Toute femme intéressée par la qualité, la fonctionnalité et l’accessibilité financière devrait envisager un Sac Longchamp Bandouliere. Sac A Main Pas Cher, l’une des gammes de sacs à main et d’accessoires les plus populaires sur le marché à ce jour, propose une vaste gamme de produits longchamp soldes destockage. Puisque longchamp est si populaire, les sac longchamp pas cher sont souvent copiés.

    ReplyDelete
  2. Ray Ban Sunglasses Sale Uk are prepping for that fashionable holiday.
    Ray Ban Sale Uk are in the savvy eye of the stylish beholder.
    Ray Ban Sunglasses Sale Uk are much cheaper than you would pay in a regular store.
    Sunglasses UK meant for women are slightly different from men' varieties, so when you are choosing sun glasses for the women, you should keep in mind certain factors.
    Oakley Sunglasses Sale are very functional and known as spy sunglasses, because they are meant for recording videos and images.
    Cheap Oakley Sunglasses also offer polarization feature of the lens.

    ReplyDelete
  3. It is a pleasant post. There is lots of useful information here.
    Norton Customer Service

    ReplyDelete