服务端证书生成
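# Generate a private CA and a server certificate signed by it.
#
# SERVER_IP is the address clients will connect to. It is written into the
# server certificate's subjectAltName, which is what TLS clients (including
# Go's crypto/tls) match against; the subject CN is not used for that.
# All three values keep the original listing's settings as defaults.
set -eu

SERVER_IP="${SERVER_IP:-172.20.20.203}"
CA_DAYS="${CA_DAYS:-365}"
SERVER_DAYS="${SERVER_DAYS:-3650}"

# CA key and self-signed CA certificate. ca.key signs every server
# certificate issued below, so keep it out of deployment artifacts and
# only ship ca.crt to clients.
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -subj "/CN=*.*.*.*" -days "$CA_DAYS" -out ca.crt

# Server key and certificate signing request.
openssl genrsa -out server.key 2048
openssl req -new -nodes -key server.key -subj "/CN=*.*.*.*" -out server.csr

# When issuing the server certificate, subjectAltName = IP:<address> must
# be set; quoting keeps the written line identical to the unquoted echo.
echo "subjectAltName = IP:${SERVER_IP}" > extfile.cnf

# NOTE: with the defaults the server certificate (3650 days) outlives the
# CA certificate (365 days). Chain validation fails as soon as ca.crt
# expires, so keep SERVER_DAYS <= CA_DAYS or plan to reissue the CA.
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out server.crt -days "$SERVER_DAYS"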
从key导出pem公钥和私钥:
私钥: `openssl rsa -in demo.key -out private.pem`
公钥: `openssl rsa -in demo.key -pubout -out public.pem`
客户端连接配置
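// Client-side mutual-TLS configuration for a MinIO endpoint.
//
// The server certificate is verified against a private CA (RootCAs) and the
// client presents its own certificate (Certificates). The PEM blocks below
// are placeholders ("xxx"); in a real deployment load the certificate and
// especially the private key from a file or secret store instead of
// embedding them in source.
endpoint := "192.168.77.114:9091"
// Static credentials; these are placeholders and must be replaced outside
// of examples.
user := "minioadmin"
pass := "minioadmin"
ca := `-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----`
k := `-----BEGIN RSA PRIVATE KEY-----
xxx
-----END RSA PRIVATE KEY-----`
c := `-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----`

// Trust anchor used to verify the server. AppendCertsFromPEM reports false
// when no certificate could be parsed; ignoring it leaves the pool empty
// and the handshake later fails with an unhelpful error, so check it here.
pool := x509.NewCertPool()
if !pool.AppendCertsFromPEM([]byte(ca)) {
	log.Fatalln("no CA certificate could be parsed from the ca PEM")
}

// Client certificate and key presented during the TLS handshake.
cliCrt, err := tls.X509KeyPair([]byte(c), []byte(k))
if err != nil {
	log.Fatalln(err)
}

// The host part of endpoint is matched against the server certificate's
// subjectAltName (an IP SAN when the endpoint is an IP address), so the
// certificate must have been issued for exactly that address.
minioClient, err := minio.New(endpoint, &minio.Options{
	Creds:  credentials.NewStaticV4(user, pass, ""),
	Secure: true,
	Transport: &http.Transport{
		TLSClientConfig: &tls.Config{
			RootCAs:      pool,
			Certificates: []tls.Certificate{cliCrt},
			// Refuse legacy protocol versions; TLS 1.2 is the floor.
			MinVersion: tls.VersionTLS12,
		},
	},
})
if err != nil {
	log.Fatal(err)
}

// Smoke test the connection by creating a bucket.
if err := minioClient.MakeBucket(context.Background(), "demo", minio.MakeBucketOptions{}); err != nil {
	log.Fatal(err)
}
fmt.Println(minioClient)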