pkg net/http, method (*Server) ServeTLS(net.Listener, string, string) error
pkg net/http/fcgi, func ProcessEnv(*http.Request) map[string]string
pkg net/http/httptest, method (*Server) Certificate() *x509.Certificate
pkg net/http/httptest, method (*Server) Client() *http.Client
pkg reflect, func MakeMapWithSize(Type, int) Value
pkg runtime/pprof, func Do(context.Context, LabelSet, func(context.Context))

	public final fun -deprecated_keyPair ()Ljava/security/KeyPair;
	public fun <init> (Ljava/security/KeyPair;Ljava/security/cert/X509Certificate;)V
	public final fun certificate ()Ljava/security/cert/X509Certificate;
	public final fun certificatePem ()Ljava/lang/String;
	public static final fun decode (Ljava/lang/String;)Lokhttp3/tls/HeldCertificate;
	public final fun keyPair ()Ljava/security/KeyPair;

## 2. Create Kubernetes secret

[Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret) are intended to hold sensitive information.
We'll use secrets to hold the TLS certificate and key. To create a secret, update the paths to `private.key` and `public.crt`
below.

Then type

```sh
kubectl create secret generic tls-ssl-minio --from-file=path/to/private.key --from-file=path/to/public.crt
```

    e is InterruptedIOException -> false

    // If the problem was a CertificateException from the X509TrustManager, do not retry.
    e is SSLHandshakeException && e.cause is CertificateException -> false

    // e.g. a certificate pinning error.
    e is SSLPeerUnverifiedException -> false

    // Retry for all other SSL failures.
    e is SSLException -> true

    else -> false

  /**
   * Configure the server to [want client auth][SSLSocket.setWantClientAuth]. If the
   * client presents a certificate that is [trusted][TrustManager] the handshake will
   * proceed normally. The connection will also proceed normally if the client presents no
   * certificate at all! But if the client presents an untrusted certificate the handshake
   * will fail and no connection will be established.
   */
  public fun requestClientAuth() {

pkg crypto/x509, type Certificate struct, ExcludedEmailAddresses []string
pkg crypto/x509, type Certificate struct, ExcludedIPRanges []*net.IPNet
pkg crypto/x509, type Certificate struct, ExcludedURIDomains []string
pkg crypto/x509, type Certificate struct, PermittedEmailAddresses []string
pkg crypto/x509, type Certificate struct, PermittedIPRanges []*net.IPNet
pkg crypto/x509, type Certificate struct, PermittedURIDomains []string

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
package jcifs.pac;

import jcifs.CIFSException;

/**
 * Exception thrown when PAC (Privilege Attribute Certificate) data cannot be decoded.
 * Indicates malformed or invalid PAC structures in Kerberos tickets.
 */
public class PACDecodingException extends CIFSException {

    private static final long serialVersionUID = 1L;

- [ ] Make sure that all commits are [signed off](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt---signoff) to indicate that you agree to the terms of [Developer Certificate of Origin](https://developercertificate.org/).

For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`:

```

          // TLSv1.2 Events
          // Produced ClientHello handshake message
          // Consuming ServerHello handshake message
          // Consuming server Certificate handshake message
          // Consuming server CertificateStatus handshake message
          // Found trusted certificate
          // Consuming ECDH ServerKeyExchange handshake message
          // Consuming ServerHelloDone handshake message