MinIO server TLS
The CANedge1 lets you upload data via HTTP or HTTPS. HTTP is simpler to setup/maintain, but if security is a priority you can use HTTPS data transfer.
Note
HTTPS is an advanced topic. Ensure that your HTTP upload works first and read the S3 security section in the CANedge1 Docs before proceeding. The CANedge1 Docs also describe bundled certificates and over-the-air certificate updates
Warning
Make sure to have physical access to your CANedge1 when testing HTTPS. Note also that enabling TLS may reduce your upload speed
If you run a MinIO server, TLS is disabled by default and you’ll be using a http://
endpoint. To enable TLS on your server, you can follow the MinIO quickstart guide.
Below we use one of the examples from their guide (OpenSSL with IP address on Windows):
Download and extract OpenSSL
Create a new text file named
openssl.conf
in the folder with theopenssl.exe
filePaste below into
openssl.conf
, updateIP.1
to your MinIO endpoint (excl.http://
and port):[req] distinguished_name = req_distinguished_name x509_extensions = v3_req prompt = no [req_distinguished_name] C = US ST = VA L = Somewhere O = MyOrg OU = MyOU CN = MyServerName [v3_req] subjectAltName = @alt_names [alt_names] IP.1 = 127.0.0.1
Open the command prompt in the folder and enter the below:
openssl req -x509 -nodes -days 2730 -newkey rsa:2048 -keyout private.key -out public.crt -config openssl.conf
- Copy the resulting
private.key
andpublic.crt
files intoC:\Users\[your_user_name]\.minio\certs
- Rename the
public.crt
tocerts_server.p7b
[1] and copy it to the root of your device SD card - Update your device Configuration File to use
https://
in front of the MinIO IP endpoint
Test if the certificate is loaded in the device.json
file and if the CANedge1 correctly uploads data. To avoid browser warnings, you can install the self-signed certificate on your PC.
[1] | Before renaming the certificate, ensure that your File Explorer displays file extensions |