You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
"For a self-signed certificate, the Certificate Authority is typically the private key used to sign the cert."
The Certificate Authority (CA) is represented by the public certificate, not the private key. In the context of self-signed certificates, the certificate itself (which includes the public key) acts as its own CA. The private key is used to sign the certificate but is not the CA itself.
Distributing the private key is insecure and should never be done. The private key must remain confidential to maintain the security of the certificate. Sharing the private key would compromise the entire security model of TLS.
Correct Information:
For self-signed certificates:
Use the self-signed certificate (public certificate) as the CA certificate. Place the self-signed public certificate in the /certs/CAs directory so that MinIO can trust it.
Do not use or share the private key as the CA certificate. Only the public certificate should be shared or distributed for trust purposes.
The text was updated successfully, but these errors were encountered:
Adds missing config settings throughout storage class page.
Closes#1349
Adds instructions for adding certificates for connecting by sftp.
Closes#1354
Corrects information about which key to use for self-signed CAs.
Closes#1358
Moves `context` to optional for batch key rotate jobs.
Closes#1356
- Adds missing config settings throughout storage class page.
Closes#1349
- Adds instructions for adding certificates for connecting by sftp.
Closes#1354
- Corrects information about which key to use for self-signed CAs.
Closes#1358
- Moves `context` to optional for batch key rotate jobs.
Closes#1356
- clean up missing ref links causing build warnings.
Describe the bug
Hi team, on this page: https://min.io/docs/minio/linux/operations/network-encryption.html#self-signed-internal-private-certificat[…]blic-cas-with-intermediate-certificates
The statement is incorrect:
The Certificate Authority (CA) is represented by the public certificate, not the private key. In the context of self-signed certificates, the certificate itself (which includes the public key) acts as its own CA. The private key is used to sign the certificate but is not the CA itself.
Distributing the private key is insecure and should never be done. The private key must remain confidential to maintain the security of the certificate. Sharing the private key would compromise the entire security model of TLS.
Correct Information:
For self-signed certificates:
Use the self-signed certificate (public certificate) as the CA certificate. Place the self-signed public certificate in the /certs/CAs directory so that MinIO can trust it.
Do not use or share the private key as the CA certificate. Only the public certificate should be shared or distributed for trust purposes.
The text was updated successfully, but these errors were encountered: