
Configuring HTTPS (TLS) access for MinIO running in a container

2022-03-09 14:35:20



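Generate the certificate with certgen

Download: https://github.com/minio/certgen/releases/tag/v0.0.2

Download: https://files.cnblogs.com/files/sanduzxcvbnm/0.0.2.zip

Note: only certgen version 0.0.2 can be used; later versions of certgen no longer have the -ca flag (compare the two help listings below).

# Flags in version 0.0.2
# ./certgen-linux-amd64 --help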
Usage of ./certgen-linux-amd64:
  -ca
        whether this cert should be its own Certificate Authority
  -duration duration
        Duration that certificate is valid for (default 8760h0m0s)
  -ecdsa-curve string
        ECDSA curve to use to generate a key. Valid values are P224, P256 (recommended), P384, P521
  -ed25519
        Generate an Ed25519 key
  -host string
        Comma-separated hostnames and IPs to generate a certificate for
  -org-name string
        Organization name used when generating the certs (default "Acme Co")
  -rsa-bits int
        Size of RSA key to generate. Ignored if --ecdsa-curve is set (default 2048)
  -start-date string
        Creation date formatted as Jan 1 15:04:05 2011

# Flags in versions later than 0.0.2
# ./certgen-linux-amd64 --help
Usage of ./certgen-linux-amd64:
  -duration duration
        Duration that certificate is valid for (default 8760h0m0s)
  -ecdsa-curve string
        ECDSA curve to use to generate a key. Valid values are P224, P256 (recommended), P384, P521
  -ed25519
        Generate an Ed25519 key (default true)
  -host string
        Comma-separated hostnames and IPs to generate a certificate for
  -no-ca
        whether this cert should not be its own Certificate Authority
  -org-name string
        Organization name used when generating the certs (default "Acme Co")
  -start-date string
        Creation date formatted as Jan 1 15:04:05 2011

# certgen -ca -host "<host IP>,<IP the MinIO container runs on>"

# If the container IP is missing, the error is: Post "https://172.17.0.2:9000/": x509: certificate is valid for 192.168.20.102, not 172.17.0.2
# If the host IP is missing, the error is: Post "https://172.17.0.2:9000/": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "Acme Co")

# The command actually run to generate the certificate
# ./certgen-linux-amd64 -ca -host "192.168.20.102,172.17.0.2" 
2022/03/09 14:10:58 wrote public.crt
2022/03/09 14:10:58 wrote private.key
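
To confirm before deployment that public.crt covers every address clients will use, the Go sketch below parses a certificate and runs the same hostname check that produces the first error above. It is an added example, not part of the original post or of certgen; the function names and the in-memory sample certificate are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"time"
)

// missingSANs parses a PEM certificate and returns one x509 error per address in hosts that its SANs do not cover.
func missingSANs(certPEM []byte, hosts []string) ([]error, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return nil, fmt.Errorf("no PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, err
	}
	var missing []error
	for _, h := range hosts {
		if err := cert.VerifyHostname(h); err != nil {
			missing = append(missing, err)
		}
	}
	return missing, nil
}

// constructedCert returns a throwaway self-signed CA certificate with the given IP SANs (constructed sample input).
func constructedCert(ips ...string) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	for _, ip := range ips {
		tmpl.IPAddresses = append(tmpl.IPAddresses, net.ParseIP(ip))
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	errs, _ := missingSANs(constructedCert("192.168.20.102"), []string{"192.168.20.102", "172.17.0.2"})
	fmt.Println(errs) // lists the container IP as not covered by the certificate
}
```

To check a real certificate, pass the bytes read from public.crt to missingSANs in place of the constructed one.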

Run the MinIO service in a container

mkdir -p /mnt/{data,config}

# admin / 12345678 are sample credentials; substitute your own values
docker run -d -p 9000:9000 -p 9001:9001 --name minio1 \
  -e "MINIO_ACCESS_KEY=admin" \
  -e "MINIO_SECRET_KEY=12345678" \
  -v /mnt/data:/data \
  -v /mnt/config:/root/.minio \
  minio/minio server /data --console-address ":9001"

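Copy the generated certificate and key into /mnt/config/certs

# Copy by name rather than with p*; MinIO looks for public.crt and private.key in certs/
cp public.crt private.key /mnt/config/certs/
docker restart minio1

You can then access and log in at https://192.168.20.102:9000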

More certgen usage

Example (server)

certgen -ca -host "10.10.0.3,10.10.0.4,10.10.0.5"

2020/11/21 10:16:18 wrote public.crt
2020/11/21 10:16:18 wrote private.key

Example (client)

certgen -client -host "localhost"

2022/02/28 16:55:37 wrote client.crt
2022/02/28 16:55:37 wrote client.key

Source: https://www.cnblogs.com/sanduzxcvbnm/p/15984957.html
