"X-Amz-Server-Side-Encryption":                []string{""},
			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": []string{""},
			"X-Amz-Server-Side-Encryption-Context":        []string{""},
		},
		Expected: true,
	}, // 4
	{
		Header: http.Header{
			"X-Amz-Server-Side-Encryption":                []string{"AES256"},
			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": []string{""},
		},
		Expected: true,
	}, // 5

        ).build()
    server.useHttps(serverHandshakeCertificates.sslSocketFactory())
    server.enqueue(MockResponse())

    // Make a request from client to server. It should succeed certificate checks (unfortunately the
    // rogue CA is trusted) but it should fail certificate pinning.
    val request =
      Request
        .Builder()
        .url(server.url("/"))
        .build()

Recommendations
---------------

Typically servers need a held certificate plus a chain of intermediates. Servers only need the
private key for their own certificate. The chain served by a server doesn't need the root
certificate.

The trusted roots don't need to be the same for client and server when using client authentication.
Clients might rely on the platform certificates and servers might use a private

The scrape configurations should use all the servers under `targets` so that graphing systems like
grafana can visualize them for all the nodes

```yaml
scrape_configs:
- job_name: minio-job
  metrics_path: /minio/v2/metrics/node
  scheme: http
  static_configs:
  - targets: ['server1:9000','server2:9000','server3:9000','server4:9000']
```

        List<SettingsProblem> problems = new ArrayList<>();

        List<Server> servers = new ArrayList<>();

        for (Server server : request.getServers()) {
            server = server.clone();

            String password = server.getPassword();
            if (securityDispatcher.isAnyEncryptedString(password)) {
                try {

  fun multipleDnsLookupsForSingleCall() {
    server.enqueue(
      MockResponse
        .Builder()
        .code(301)
        .setHeader("Location", "http://www.fakeurl:" + server.port)
        .build(),
    )
    server.enqueue(MockResponse())
    val dns = FakeDns()
    dns["fakeurl"] = client.dns.lookup(server.hostName)
    dns["www.fakeurl"] = client.dns.lookup(server.hostName)
    client =
      client

        .signedBy(rootCa)
        .serialNumber(2L)
        .commonName(server.hostName)
        .addSubjectAlternativeName(server.hostName)
        .addSubjectAlternativeName("san.com")
        .addSubjectAlternativeName("*.wildcard.com")
        .addSubjectAlternativeName("differentdns.com")
        .build()
    serverIps = Dns.SYSTEM.lookup(server.hostName)
    dns[server.hostName] = serverIps
    dns["san.com"] = serverIps

    }

    upstream console {
        ip_hash;
        server minio1:9001;
        server minio2:9001;
        server minio3:9001;
        server minio4:9001;
        server minio5:9001;
        server minio6:9001;
        server minio7:9001;
        server minio8:9001;
    }

    server {
        listen       9000;
        listen  [::]:9000;
        server_name  localhost;

    assertThat(webSocket.receivedPongCount()).isEqualTo(0)
    assertThat(server.sentPingCount()).isEqualTo(0)
    assertThat(server.receivedPingCount()).isEqualTo(0)
    assertThat(server.receivedPongCount()).isEqualTo(0)
    closeWebSockets(webSocket, server)
  }

  /**
   * Configure the websocket to send pings every 500 ms. Artificially prevent the server from

    server.webSocket!!.tearDown()
    client.webSocket!!.tearDown()
    taskFaker.close()
  }

  @Test
  fun close() {
    client.webSocket!!.close(1000, "Hello!")
    // This will trigger a close response.
    assertThat(server.processNextFrame()).isFalse()
    server.listener.assertClosing(1000, "Hello!")
    server.webSocket!!.finishReader()
    server.webSocket!!.close(1000, "Goodbye!")