MinIO server TLS
The CANedge3 lets you upload data via HTTP or HTTPS. HTTP is simpler to setup/maintain, but if security is a priority you can use HTTPS data transfer.
Note
HTTPS is an advanced topic. Ensure that your HTTP upload works first and read the S3 security section in the CANedge3 Docs before proceeding. The CANedge3 Docs also describe bundled certificates and over-the-air certificate updates
Warning
Make sure to have physical access to your CANedge3 when testing HTTPS. Note also that enabling TLS may reduce your upload speed
If you run a MinIO server, TLS is disabled by default and you’ll be using a http:// endpoint. To enable TLS on your server, you can follow the MinIO quickstart guide.
Below we use one of the examples from their guide (OpenSSL with IP address on Windows):
Download and extract OpenSSL
Create a new text file named
openssl.confin the folder with theopenssl.exefilePaste below into
openssl.conf, updateIP.1to your MinIO endpoint (excl.http://and port):[req] distinguished_name = req_distinguished_name x509_extensions = v3_req prompt = no [req_distinguished_name] C = US ST = VA L = Somewhere O = MyOrg OU = MyOU CN = MyServerName [v3_req] subjectAltName = @alt_names [alt_names] IP.1 = 127.0.0.1
Open the command prompt in the folder and enter the below:
openssl req -x509 -nodes -days 2730 -newkey rsa:2048 -keyout private.key -out public.crt -config openssl.conf
- Copy the resulting
private.keyandpublic.crtfiles intoC:\Users\[your_user_name]\.minio\certs - Rename the
public.crttocerts_server.p7b[1] and copy it to the root of your device SD card - Update your device Configuration File to use
https://in front of the MinIO IP endpoint
Test if the certificate is loaded in the device.json file and if the CANedge3 correctly uploads data. To avoid browser warnings, you can install the self-signed certificate on your PC.
| [1] | Before renaming the certificate, ensure that your File Explorer displays file extensions |