MinIO server TLS

The CANedge2 lets you upload data via HTTP or HTTPS. HTTP is simpler to setup/maintain, but if security is a priority you can use HTTPS data transfer.

Note

HTTPS is an advanced topic. Ensure that your HTTP upload works first and read the S3 security section in the CANedge2 Docs before proceeding. The CANedge2 Docs also describe bundled certificates and over-the-air certificate updates

Warning

Make sure to have physical access to your CANedge2 when testing HTTPS. Note also that enabling TLS may reduce your upload speed

If you run a MinIO server, TLS is disabled by default and you’ll be using a http:// endpoint. To enable TLS on your server, you can follow the MinIO quickstart guide.

Below we use one of the examples from their guide (OpenSSL with IP address on Windows):

  1. Download and extract OpenSSL

  2. Create a new text file named openssl.conf in the folder with the openssl.exe file

  3. Paste below into openssl.conf, update IP.1 to your MinIO endpoint (excl. http:// and port):

    [req]
    distinguished_name = req_distinguished_name
    x509_extensions = v3_req
    prompt = no
    
    [req_distinguished_name]
    C = US
    ST = VA
    L = Somewhere
    O = MyOrg
    OU = MyOU
    CN = MyServerName
    
    [v3_req]
    subjectAltName = @alt_names
    
    [alt_names]
    IP.1 = 127.0.0.1
    
  4. Open the command prompt in the folder and enter the below:

openssl req -x509 -nodes -days 2730 -newkey rsa:2048 -keyout private.key -out public.crt -config openssl.conf
  1. Copy the resulting private.key and public.crt files into C:\Users\[your_user_name]\.minio\certs
  2. Rename the public.crt to certs_server.p7b[1] and copy it to the root of your device SD card
  3. Update your device Configuration File to use https:// in front of the MinIO IP endpoint

Test if the certificate is loaded in the device.json file and if the CANedge2 correctly uploads data. To avoid browser warnings, you can install the self-signed certificate on your PC.


[1]Before renaming the certificate, ensure that your File Explorer displays file extensions