.build();

HeldCertificate intermediateCertificate = new HeldCertificate.Builder()
    .certificateAuthority(0)
    .signedBy(rootCertificate)
    .build();

HeldCertificate serverCertificate = new HeldCertificate.Builder()
    .addSubjectAlternativeName("localhost")
    .signedBy(intermediateCertificate)
    .build();
```

To serve this configuration the server needs to provide its clients with a chain of certificates

    val serverCa =
      HeldCertificate
        .Builder()
        .certificateAuthority(0)
        .build()
    val serverCertificate =
      HeldCertificate
        .Builder()
        .signedBy(serverCa)
        .addSubjectAlternativeName(server.hostName)
        .build()
    val serverHandshakeCertificates =
      HandshakeCertificates
        .Builder()

    val serverCa =
      HeldCertificate
        .Builder()
        .certificateAuthority(0)
        .build()
    val serverCertificate =
      HeldCertificate
        .Builder()
        .signedBy(serverCa)
        .addSubjectAlternativeName(server.hostName)
        .build()
    val serverHandshakeCertificates =
      HandshakeCertificates
        .Builder()

For testing purposes, here is [how to create self-signed certificates](https://github.com/minio/minio/tree/master/docs/tls#3-generate-self-signed-certificates).

## 2. Create Kubernetes secret

[Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret) are intended to hold sensitive information.

* A certificate signed by a CA contains information about the issued identity (e.g. name, expiry, public key) and any intermediate certificates. The root CA is not included.

## 3. Generate and use Self-signed Keys and Certificates with MinIO

This section describes how to generate a self-signed certificate using various tools:

* 3.1 [Use certgen to Generate a Certificate](#using-go)

 * signed versions of methods for which signedness is an issue.
 *
 * <p>In addition, this class provides several static methods for converting a {@code long} to a
 * {@code String} and a {@code String} to a {@code long} that treat the {@code long} as an unsigned
 * number.
 *
 * <p>Users of these utilities must be <i>extremely careful</i> not to mix up signed and unsigned

        response.readParameterWordsWireFormat(buffer, 0);

        // File size is stored as signed int
        long expectedSize = (int) fileSize;
        assertEquals(expectedSize, response.getSize());
    }

    @Test
    void testFileSizeOverflow() {
        // Test file size that overflows signed int
        response = new SmbComQueryInformationResponse(mockConfig, 0L);

		}

		// Verify response the V2 signed HTTP request.
		// initialize HTTP NewRecorder, this records any mutations to response writer inside the handler.
		recV2 := httptest.NewRecorder()
		// construct HTTP request for PUT bucket policy endpoint.

		// verify response for V2 signed HTTP request.

        @Test
        @DisplayName("Should return true when signed flag is not set")
        void testVerifyNoSignedFlag() {
            // Don't set the signed flag
            SMBUtil.writeInt4(0x00000000, data, 16);

            boolean result = digest.verify(data, 0, data.length, 0, msg);

            assertTrue(result, "Should return true when signed flag is not set");
        }

        @Test

    if (tableSize <= BYTE_MAX_SIZE) {
      /*
       * Use 8 bits per entry. The value is unsigned to allow use up to a size of 2^8.
       *
       * The absent indicator of -1 signed becomes 2^8 - 1 unsigned, which reduces the actual max
       * size to 2^8 - 1. However, due to a load factor < 1 the limit is never approached.
       */
      byte[] hashTable = new byte[tableSize];