From fd86e65e5ed9e34311c0f124ca23272fa67a06b8 Mon Sep 17 00:00:00 2001
From: Harshavardhana <harsha@minio.io>
Date: Mon, 21 Jun 2021 18:15:57 -0700
Subject: [PATCH] fix: console should trust itself with its own public.crt
 (#827)

---
 pkg/certs/certs.go           | 4 ++++
 restapi/configure_console.go | 5 -----
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/pkg/certs/certs.go b/pkg/certs/certs.go
index 527cc55e1..05e1075cb 100644
--- a/pkg/certs/certs.go
+++ b/pkg/certs/certs.go
@@ -325,5 +325,9 @@ func GetAllCertificatesAndCAs() (*x509.CertPool, []*x509.Certificate, *xcerts.Ma
 	if rootCAs == nil {
 		rootCAs = &x509.CertPool{}
 	}
+	// Add the public crts as part of root CAs to trust self.
+	for _, publicCrt := range publicCerts {
+		rootCAs.AddCert(publicCrt)
+	}
 	return rootCAs, publicCerts, certsManager, nil
 }
diff --git a/restapi/configure_console.go b/restapi/configure_console.go
index b28d9e691..0c1ff74af 100644
--- a/restapi/configure_console.go
+++ b/restapi/configure_console.go
@@ -147,11 +147,6 @@ func configureAPI(api *operations.ConsoleAPI) http.Handler {
 
 // The TLS configuration before HTTPS server starts.
 func configureTLS(tlsConfig *tls.Config) {
-	// Add the global public crts as part of global root CAs
-	for _, publicCrt := range GlobalPublicCerts {
-		GlobalRootCAs.AddCert(publicCrt)
-	}
-
 	tlsConfig.RootCAs = GlobalRootCAs
 	tlsConfig.GetCertificate = GlobalTLSCertsManager.GetCertificate
 }