[BUG] Incorrect information about CA certs #1358

Closed
marktheunissen opened this issue Oct 27, 2024 · 0 comments · Fixed by #1380
@marktheunissen
Contributor

Describe the bug

Hi team, on this page: https://min.io/docs/minio/linux/operations/network-encryption.html#self-signed-internal-private-certificat[…]blic-cas-with-intermediate-certificates

The statement is incorrect:

"For a self-signed certificate, the Certificate Authority is typically the private key used to sign the cert."

The Certificate Authority (CA) is represented by the public certificate, not the private key. In the context of self-signed certificates, the certificate itself (which includes the public key) acts as its own CA. The private key is used to sign the certificate but is not the CA itself.
Distributing the private key is insecure and should never be done. The private key must remain confidential to maintain the security of the certificate. Sharing the private key would compromise the entire security model of TLS.

Correct Information:
For self-signed certificates:

- Use the self-signed certificate (public certificate) as the CA certificate. Place the self-signed public certificate in the /certs/CAs directory so that MinIO can trust it.
- Do not use or share the private key as the CA certificate. Only the public certificate should be shared or distributed for trust purposes.
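
An added example, not part of the original issue or of MinIO's code: a Python check that applies the rule stated in the issue to a CA trust directory, flagging any file that contains a PEM private-key block. The function name, verdict strings and sample files are assumptions constructed for illustration; the check reads PEM labels only and does not validate the certificates themselves.

```python
import re
import tempfile
from pathlib import Path

# PEM boundary line, e.g. "-----BEGIN CERTIFICATE-----" (label syntax per RFC 7468).
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)


def audit_ca_dir(ca_dir):
    """Classify every regular file in a CA trust directory by its PEM labels.

    "private-key": holds a *PRIVATE KEY block (plain, encrypted, RSA, EC, ...)
    "ok":          holds only CERTIFICATE blocks, i.e. public material
    "unexpected":  anything else (CSR, DER/binary, empty or stray file)
    """
    verdicts = {}
    for path in sorted(Path(ca_dir).iterdir()):
        if not path.is_file():
            continue
        labels = PEM_BEGIN.findall(path.read_text(errors="replace"))
        if any(label.endswith("PRIVATE KEY") for label in labels):
            verdicts[path.name] = "private-key"
        elif labels and all(label == "CERTIFICATE" for label in labels):
            verdicts[path.name] = "ok"
        else:
            verdicts[path.name] = "unexpected"
    return verdicts


def demo():
    """Run the audit over constructed sample files in a temporary directory."""
    body = "Q09OU1RSVUNURUQ=\n"  # constructed placeholder, not real key or cert data

    def pem(label):
        return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

    with tempfile.TemporaryDirectory() as tmp:
        ca_dir = Path(tmp)
        (ca_dir / "public.crt").write_text(pem("CERTIFICATE"))
        (ca_dir / "private.key").write_text(pem("PRIVATE KEY"))
        # A combined bundle is an easy way for a key to land in a trust store.
        (ca_dir / "combined.pem").write_text(pem("CERTIFICATE") + pem("EC PRIVATE KEY"))
        (ca_dir / "request.csr").write_text(pem("CERTIFICATE REQUEST"))
        return audit_ca_dir(ca_dir)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:12} {name}")
```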

@marktheunissen marktheunissen added the triage Needs triage and scheduling label Oct 27, 2024
@marktheunissen marktheunissen changed the title [BUG] [BUG] Incorrect information about CA certs Oct 27, 2024
@Bradamant3 Bradamant3 added tiny Small, bite-sized fixes that require minimal effort and removed triage Needs triage and scheduling labels Oct 28, 2024
@Bradamant3 Bradamant3 self-assigned this Oct 28, 2024
@djwfyi djwfyi assigned djwfyi and unassigned Bradamant3 Dec 3, 2024
djwfyi added a commit that referenced this issue Dec 3, 2024
Adds missing config settings throughout storage class page.

Closes #1349

Adds instructions for adding certificates for connecting by sftp.

Closes #1354

Corrects information about which key to use for self-signed CAs.

Closes #1358

Moves `context` to optional for batch key rotate jobs.

Closes #1356
djwfyi added a commit that referenced this issue Dec 4, 2024
- Adds missing config settings throughout storage class page.
    
  Closes #1349
    
- Adds instructions for adding certificates for connecting by sftp.
    
  Closes #1354
    
- Corrects information about which key to use for self-signed CAs.
    
  Closes #1358
    
- Moves `context` to optional for batch key rotate jobs.
    
  Closes #1356

- clean up missing ref links causing build warnings.