[BUG] Incorrect information about CA certs #1358
Assignees
Labels
tiny
Small, bite-sized fixes that require minimal effort
Comments
Bradamant3
added
tiny
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Hi team, on this page: https://min.io/docs/minio/linux/operations/network-encryption.html#self-signed-internal-private-certificat[…]blic-cas-with-intermediate-certificates
The statement is incorrect:
The Certificate Authority (CA) is represented by the public certificate, not the private key. In the context of self-signed certificates, the certificate itself (which includes the public key) acts as its own CA. The private key is used to sign the certificate but is not the CA itself.
Distributing the private key is insecure and should never be done. The private key must remain confidential to maintain the security of the certificate. Sharing the private key would compromise the entire security model of TLS.
Correct Information:
For self-signed certificates:
Use the self-signed certificate (public certificate) as the CA certificate. Place the self-signed public certificate in the /certs/CAs directory so that MinIO can trust it.
Do not use or share the private key as the CA certificate. Only the public certificate should be shared or distributed for trust purposes.
The text was updated successfully, but these errors were encountered: