From 199d1eb1d4b1a931efe686134d7dc9b2c57a37f1 Mon Sep 17 00:00:00 2001 From: Daryl White <53910321+djwfyi@users.noreply.github.com> Date: Thu, 30 Mar 2023 13:04:10 -0500 Subject: [PATCH] Adds info on certificates with the MinIO Client (#782) - Adds a new section on certificates to the MinIO Client page - Adds a new section in Behaviors to the mc alias set page - Minor fix to a --json flag command in version doc Closes #781 --- .../object-management/object-versioning.rst | 2 +- source/reference/minio-mc.rst | 28 +++++++++++++++++++ source/reference/minio-mc/mc-alias-set.rst | 12 +++++++- 3 files changed, 40 insertions(+), 2 deletions(-) diff --git a/source/administration/object-management/object-versioning.rst b/source/administration/object-management/object-versioning.rst index 421df527..cc8bcdf5 100644 --- a/source/administration/object-management/object-versioning.rst +++ b/source/administration/object-management/object-versioning.rst @@ -302,7 +302,7 @@ You can exclude up to 10 prefixes for each bucket. To add or remove prefixes, repeat the :mc-cmd:`mc version enable` command with an updated list. The new list of prefixes replaces the previous one. -To view the currently excluded prefixes, use :mc-cmd:`mc version info` with the :mc-cmd:`~mc version enable --JSON` option: +To view the currently excluded prefixes, use :mc-cmd:`mc version info` with the ``--JSON`` option: .. code-block:: shell :class: copyable diff --git a/source/reference/minio-mc.rst b/source/reference/minio-mc.rst index 5349b6fd..5c461ad4 100644 --- a/source/reference/minio-mc.rst +++ b/source/reference/minio-mc.rst @@ -418,6 +418,34 @@ The following list describes each possible file path location in the order You can use the ``--config-dir`` +.. _minio-mc-certificates: + +Certificates +------------ + +The MinIO Client stores certificates and CAs for deployments to the following paths: + +Linux, MacOS, and other Unix-like systems: + +.. code-block:: shell + + ~/.mc/certs/ # certificates + ~/.mc/certs/CAs/ # Certificate Authorities + +Windows systems: + +.. code-block:: shell + + C:\Users\[username]\mc\certs\ # certificates + C:\Users\[username]\mc\certs\CAs\ # Certificate Authorities + +When creating a new :ref:`alias `, the MinIO Client fetches the peer certificate, computes the public key fingerprint, and asks the user whether to accept the deployment's certificate. +If you decide to trust the certificate, the MinIO Client adds the certificate to the certificate authority path listed above. + +.. note:: + + In testing environments, you can bypass the certificate check for selected MinIO Client commands by passing the ``--insecure`` flag. + .. _minio-mc-global-options: Global Options diff --git a/source/reference/minio-mc/mc-alias-set.rst b/source/reference/minio-mc/mc-alias-set.rst index a2895cb3..e6c4592c 100644 --- a/source/reference/minio-mc/mc-alias-set.rst +++ b/source/reference/minio-mc/mc-alias-set.rst @@ -198,4 +198,14 @@ For more complete documentation on S3 Access Control, see :s3-docs:`Amazon S3 Security `. For all other S3-compatible services, defer to the documentation for that -service. \ No newline at end of file +service. + +Certificates +~~~~~~~~~~~~ + +The MinIO Client fetches the peer certificate, computes the public key fingerprint, and asks the user whether to accept the deployment's certificate. + +If trusted, the MinIO Client automatically adds the certificate authority to: + +- ``~/.mc/certs/CAs/`` on Linux and other Unix-like systems. +- ``C:\Users\[username]\mc\certs\CAs\`` on Windows systems. \ No newline at end of file