Welcome to the upcoming version of the MinIO Documentation! The content on this page is under active development and may change at any time. If you can't find what you're looking for, check our legacy documentation. Thank you for your patience.

MinIO Transport Layer Security

Table of Contents


The MinIO server supports enabling TLS encryption of incoming and outgoing traffic. MinIO recommends all MinIO servers run with TLS enabled to ensure end-to-end security of client-server or server-server transmissions.

The MinIO server looks for a private key private.key and public certificate public.crt in the following directories:

  • Linux/OSX : ${HOME}/.minio/certs

  • Windows : %%USERPROFILE%%\.minio\certs

MinIO only supports keys and certificates in the PEM format.

You can customize the certificate directory by passing the --certs-dir option to minio server. The certs directory must also include any intermediate certificates required to establish a chain of trust to the root CA.

For more information, see How to secure access to MinIO server with TLS.