"application/vnd.micrografx.igx",
				"application/vnd.mif",
				"application/vnd.mindjet.mindmanager",
				"application/vnd.minisoft-hp3000-save",
				"application/vnd.mitsubishi.misty-guard.trustweb",
				"application/vnd.mobius.daf",
				"application/vnd.mobius.dis",
				"application/vnd.mobius.mbk",
				"application/vnd.mobius.mqy",
				"application/vnd.mobius.msl",
				"application/vnd.mobius.plc",

-----------------------

The above example uses a self-signed certificate. This is convenient for testing but not
representative of real-world HTTPS deployment. To get closer to that we can use `HeldCertificate`
to generate a trusted root certificate, an intermediate certificate, and a server certificate.
We use `certificateAuthority(int)` to create certificates that can sign other certificates. The

{{/*
Formats volumeMount for MinIO TLS keys and trusted certs
*/}}
{{- define "minio.tlsKeysVolumeMount" -}}
{{- if .Values.tls.enabled }}
- name: cert-secret-volume
  mountPath: {{ .Values.certsPath }}
{{- end }}
{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }}
{{- $casPath := printf "%s/CAs" .Values.certsPath | clean }}
- name: trusted-cert-secret-volume
  mountPath: {{ $casPath }}
{{- end }}

    /**
     * Cache of trusted domains for DFS resolution
     */
    protected CacheEntry _domains = null; /* aka trusted domains cache */
    /**
     * Cache of DFS referrals
     */
    protected CacheEntry referrals = null;

    /**
     * Gets the map of trusted domains for DFS resolution
     * @param auth the authentication credentials
     * @return a map of trusted domain names to domain controllers

```
kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt
```

The name of the generated secret can then be passed to Helm using a values file or the `--set` parameter:

```
trustedCertsSecret: "minio-trusted-certs"

or

--set trustedCertsSecret=minio-trusted-certs
```

### Create buckets after install

 *
 * <p>This interface is intended for internal use.</p>
 */
public interface DfsResolver {

    /**
     * Checks if a domain is trusted for DFS operations
     * @param tf the CIFS context
     * @param domain the domain name to check
     * @return whether the given domain is trusted
     * @throws CIFSException if the operation fails
     */
    boolean isTrustedDomain(CIFSContext tf, String domain) throws CIFSException;

    <glob pattern="*.mmmp"/>
    <glob pattern="*.mmas"/>
  </mime-type>

  <mime-type type="application/vnd.minisoft-hp3000-save"/>
  <mime-type type="application/vnd.mitsubishi.misty-guard.trustweb"/>
  <mime-type type="application/vnd.mobius.daf">
    <glob pattern="*.daf"/>
  </mime-type>
  <mime-type type="application/vnd.mobius.dis">
    <glob pattern="*.dis"/>
  </mime-type>

		if err != nil {
			logger.Fatal(fmt.Errorf("invalid arguments passed, trusted user certificate authority public key file is not accessible: %v", err), "unable to start SFTP server")
		}

		globalSFTPTrustedCAPubkey, _, _, _, err = ssh.ParseAuthorizedKey(keyBytes)
		if err != nil {

* Caddy (that can also handle certificate renewals)
* Nginx
* HAProxy

## Let's Encrypt { #lets-encrypt }

Before Let's Encrypt, these **HTTPS certificates** were sold by trusted third parties.

The process to acquire one of these certificates used to be cumbersome, require quite some paperwork and the certificates were quite expensive.

    /** The SAM database does not have a computer account for this workstation trust relationship */
    int NT_STATUS_NO_TRUST_SAM_ACCOUNT = 0xC000018b;
    /** The trust relationship between the primary domain and the trusted domain failed */
    int NT_STATUS_TRUSTED_DOMAIN_FAILURE = 0xC000018c;
    /** The trust relationship between this workstation and the primary domain failed */
    int NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE = 0xC000018d;