Configure MinIO Object Storage with HTTPS Encryption

MinIO turns on HTTPS encryption

1. Install and configure OpenSSL

Download OpenSSL from the OpenSSL Web site (http://www.openssl.org/), OpenSSL for Windows can be used on the Windows platform. After installation, add the bin directory of OpenSSL to the PATH environment variable of the system, as shown in D:\OpenSSL-Win64\bin.

2. Run the following command in the ${HOME}.minio/certs path to generate the private key

openssl genrsa -out private.key 2048

3. Generate a self-signed certificate

Create a openssl.conf file with the following contents. You need to set IP.1 and DNS.1 to correct IP and DNS addresses:

[req]

distinguished_name = req_distinguished_name

x509_extensions = v3_req

prompt = no

[req_distinguished_name]

C = US

ST = VA

L = Somewhere

O = MyOrg

OU = MyOU

CN = MyServerName

[v3_req]

subjectAltName = @alt_names

[alt_names]

IP.1 = 192.168.17.216

DNS.1 = localhost

Then run the following command to generate the crt certificate file:

openssl req -new -x509 -nodes -days 999 -key private.key -out public.crt -config openssl.conf

4. Import a certificate

Import the generated certificate with the following command:

keytool -import -alias public -keystore cacerts -file public.crt

Restart MinIO after completing the above configuration, and verify whether MinIO with HTTPS encryption can be accessed.

Set iServer Trust Certificate

1. Convert a CRT certificate file to a truststore certificate file

Double-click the generated public. CRT certificate file, click detailed information "-> Copy to File-> Next, and select "Base64-encoded X.509 (.CER) (S)" and then specify the name of the exported file to export the public. CRT file as a public. Cer file. Then execute the following command to generate the The cer file is converted to a truststore file.

keytool -import -alias certificatekey -file public.cer -keystore public.truststore

2. Configure the certificate

On the iServer server, modify the% SuperMap iServer _ HOME under the%/bin directory The Catalina. Bat file, which adds the client certificate (public. Truststore) to the iServer, authenticates the HTTPS server. The specific amendments are as follows:

Before modification, it is as follows:

set JAVA_OPTS=%JAVA_OPTS% -Xms256m -Xmx1536m -Xss512k

The modification is as follows:

set JAVA_OPTS=%JAVA_OPTS% -Xms256m -Xmx1536m -Xss512k -Djavax.net.ssl.trustStore=C:/Users/Administrator/.minio/certs/public.truststore -Djavax.net.ssl.trustStoreType=JKS -Djavax.net.ssl.trustStorePassword=123456

• Djavax.net.ssl.trustStore: Used to specify the path and name of the client certificate.
• Djavax.net.ssl.trustStorePassword: The password corresponding to the client certificate.