79177139

Date: 2024-11-11 09:52:26
Score: 3
Natty:
Report link

I get the same error that certs are untrusted, configuration seems like yours so maybe somehow I am generating certs in the wrong way

  kes:
    image: minio/kes:latest
    container_name: kes
    restart: unless-stopped
    ports:
      - 7373:7373
    networks:
      - chat
    volumes:
      - kes-config:/root/.kes/config
      - kes-certs:/root/.kes/certs
      - vault-certs:/root/.kes/certs/vault
    environment:
      KES_SERVER: https://kes:7373
      KES_CLIENT_KEY: /root/.kes/certs/minio-kes.key
      KES_CLIENT_CERT: /root/.kes/certs/minio-kes.crt
    command: server --config=/root/.kes/config/config.yaml

  kes-certs:
    driver: local
    external: false
    driver_opts:
      o: bind
      type: none
      device: ${HOME}/docker-storage/chat/certs/kes

Configuration:

address: 0.0.0.0:7373

admin:
  identity: disabled

tls:
  key: /root/.kes/certs/kes-server.key
  cert: /root/.kes/certs/kes-server.crt
  ca: ""

policy:
  minio:
    allow:
      - /v1/key/create/*
      - /v1/key/generate/*
      - /v1/key/decrypt/*
      - /v1/key/bulk/decrypt
      - /v1/key/list/*
      - /v1/status
      - /v1/metrics
      - /v1/log/audit
      - /v1/log/error
    identities:
      - 938d23b96f98b5431edfaa7633770f13bc942bdd97bc272a23970472b8b5cccc
keystore:
  fs:

Certificates I am generating in this mode

openssl ecparam -genkey -name prime256v1 | openssl ec -out minio-kes.key
openssl req -new -x509 -days 30 -key  minio-kes.key -out minio-kes.crt     -subj "/C=/ST=/L=/O=/CN=minio"     -addext "subjectAltName = IP:127.0.0.1, IP:0.0.0.0, DNS:kes, DNS:minio"
Reasons:
  • RegEx Blacklisted phrase (1): I get the same error
  • Long answer (-1):
  • Has code block (-0.5):
  • Me too answer (2.5): I get the same error
  • Low reputation (1):
Posted by: Vasile Bubuioc