Datasource TLS verification in v.4.6.2 (bug?) + datasource API setup (question)

basg · November 17, 2017, 1:37pm

After updating to Grafana version 4.6.2 (from 4.5.2) datasources became unreachable because of a TLS certificate error, which was resolved by switching on “Skip TLS Verification (Insecure)”.

The error message is as follows:

 **redacted** grafana-server: 2017/11/16 15:11:22 http: proxy error: x509: certificate is valid for **hostname redacted**, not localhost
**redacted** influxd: 2017/11/16 15:11:22 http: TLS handshake error from [::1]:44042: remote error: tls: bad certificate

We are running grafana + influxdb on a single host. We are using TLS for the connection to the datasource (on localhost), with a selfsigned certificate that is indeed not signed to ‘localhost’, but to the fqdn of the server. In this sense, the error message makes sense. The problem is that the behaviour seems to have changed after the update.

My questions:

Is this a behaviour that was changed on purpose, and is the intended behavior the one as exhibited in v4.6.2? Or are we dealing with a bug here (as this change effectively temporarily broke our grafana setup)? If this is not intended, i will be glad to file a GitHub issue.
How do i define the “Skip TLS verification” setting through the datasource API? I could not find any documentation on this, but perhaps i overlooked something.

Thanks in advance for looking into this.

torkel · November 17, 2017, 1:57pm

Yes in v4.6 we changed the default behavior of always verifying certificates, you now have to check Skip TLS Verification (Insecure)” if you want Grafana to accept self signed certs.

basg · November 17, 2017, 2:02pm

Good to know, thanks for clearing that up!

Now my second question;
How do I specify this through the create/update datasource API?
Or is this setting defined elsewhere.
I wasn’t able to find out from the documentation how to accomplish this.
If it’s just there and i overlooked, please point me to the right place.
Again, thank you!

torkel · November 17, 2017, 2:22pm

jsonData.tlsSkipVerify

pradipchavhan · March 14, 2019, 6:42am

Hi,
I am facing following error while connecting datasource to MS-SQL server.

Error connecting to datasource: TLS Handshake failed: x509: certificate signed by unknown authority

I tried to changed in default.ini and custom.ini files with setting “tls_skip_verify_insecure = true”
but issue not yet resolved.
I am using windows-2017.

Topic		Replies	Views
Error connecting to datasource: x509: certificate is valid for ubuntu, not localhost Configuration	2	1072	July 9, 2019
How to skip TLS verification for plugins using data source proxy Grafana Plugin Development datasource	2	1805	September 16, 2022
How to disable SSL verification for proxy-mode in datasource plugins Grafana Plugin Development plugins , datasource	3	186	July 2, 2024
Unable to load TLS certificate Grafana	4	3442	August 5, 2018
502 Bad Gateway when upgrade Grafana to 4.6.0 from 4.5.2 Grafana	4	6282	November 1, 2017

Datasource TLS verification in v.4.6.2 (bug?) + datasource API setup (question)

Related topics