`certgen` is a simple *Go* tool to generate self-signed certificates, and provides SAN certificates with DNS and IP entries:

```sh
./certgen -host "10.10.0.3,10.10.0.4,10.10.0.5"
```

A response similar to this one should be displayed:

```
2018/11/21 10:16:18 wrote public.crt
2018/11/21 10:16:18 wrote private.key
```

### 3.2 Use OpenSSL to Generate a Certificate

# MinIO Healthcheck

MinIO server exposes three un-authenticated, healthcheck endpoints liveness probe and a cluster probe at `/minio/health/live` and `/minio/health/cluster` respectively.

## Liveness probe

This probe always responds with '200 OK'. Only fails if 'etcd' is configured and unreachable. When liveness probe fails, Kubernetes like platforms restart the container.

```
livenessProbe:
  httpGet:
    path: /minio/health/live
    port: 9000

package http

import (
	"bytes"
	"io"
)

// RequestRecorder - records the
// of a given io.Reader
type RequestRecorder struct {
	// Data source to record
	io.Reader
	// Response body should be logged
	LogBody bool

	// internal recording buffer
	buf bytes.Buffer
	// total bytes read including header size
	bytesRead int
}

// Close is a no operation closer

//	path: 'bucket/' or '/bucket/' => Heal bucket
//	path: 'bucket/object' => Heal object
type healTask struct {
	bucket    string
	object    string
	versionID string
	opts      madmin.HealOpts
	// Healing response will be sent here
	respCh chan healResult
}

// healResult represents a healing result with a possible error
type healResult struct {
	result madmin.HealResultItem
	err    error
}

	} `xml:"AccessControlList"`
}

// PutBucketACLHandler - PUT Bucket ACL
// -----------------
// This operation uses the ACL subresource
// to set ACL for a bucket, this is a dummy call
// only responds success if the ACL is private.
func (api objectAPIHandlers) PutBucketACLHandler(w http.ResponseWriter, r *http.Request) {
	ctx := newContext(r, w, "PutBucketACL")

	defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r))

                                 endpoint_url='http://localhost:9000',
                                 aws_access_key_id=response['Credentials']['AccessKeyId'],
                                 aws_secret_access_key=response['Credentials']['SecretAccessKey'],
                                 aws_session_token=response['Credentials']['SessionToken'],
                                 config=Config(signature_version='s3v4'),

All security bugs in [minio/minio](https://github,com/minio/minio) (or other minio/* repositories)
should be reported by email to ******@****.***. Your email will be acknowledged within 48 hours,
and you'll receive a more detailed response to your email within 72 hours indicating the next steps
in handling your report.

Please, provide a detailed explanation of the issue. In particular, outline the type of the security

| *Required*    | *No*                                           |

### Response Elements

XML response for this API is similar to [AWS STS AssumeRoleWithWebIdentity](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html#API_AssumeRoleWithWebIdentity_ResponseElements)

### Errors

| token          | string     | Token from the AssumeRoleWithCustomToken call for external verification |

### Response

If the token is valid and access is approved, the plugin must return a `200` (OK) HTTP status code.

A `200 OK` Response should have `application/json` content-type and body with the following structure:

```json
{
    "user": <string>,
    "maxValiditySeconds": <integer>,

// error if the server message is invalid.  Calling Step after a conversation
// completes is also an error.
func (x *XDGSCRAMClient) Step(challenge string) (response string, err error) {
	response, err = x.ClientConversation.Step(challenge)
	return
}

// Done returns true if the conversation is completed or has errored.
func (x *XDGSCRAMClient) Done() bool {
	return x.ClientConversation.Done()