How to disable SSL verification for proxy-mode in datasource plugins

Hello everybody,

I am currently trying to write my own datasource plugin by following this guide from the docs, but I am getting the following error messages in my logs:

logger=data-proxy-log userId=0 orgId=1 uname= 
testsource/v1 remote_addr= referer=
-0e14c7b5afb7 t=2023-07-03T12:30:05.085512256Z level=error 
msg="Proxy request failed" err="tls: failed to verify certificate: x509: 
cannot validate certificate for because it doesn't contain any IP SANs"

As you can see I am using a self-signed certificate and access the API via IP - this is a common scenario for us so I’d really need to know if I can deactivate SSL verification in my call to getBackendSrv().dataSourceRequest(), which currently looks like this (implemented in the healtcheck):

async testDatasource() {
    const routePath = "/testsource";
    const fullUrl = this.url + routePath + "/v1";

    const result = await getBackendSrv().datasourceRequest({
      method: "GET",
      url: fullUrl,
      responseType: "json",
      headers: {
        "Accept": "application/json",

    if (result.status !== 200) {
      return {
        status: 'error',
        message: 'Error',

    } else {
      return {
        status: 'success',
        message: 'Success',

Edit: I did some digging in the official source code and found lots of information e.g. on the Prometheus datasource’s ConfigEditor.ts - could I reuse code from there, since it’s a similar scenario (Grafana connecting to an instance with an unknown certificate on my behalf)?

Any help is highly appreciated,
Best regards,

I believe, you can connect using http:// instead of HTTPS, then certificates won’t be an issue.
We are using let’s encrypt with certbot to get certificates for a secure HTTPS connections and have no problems with proxy mode.

This won’t work unfortunately as the API endpoint enforces HTTPS on its end. In a similar fashion, creating a (valid) certificate for the API will mess up other parts of the stack, as the tool behind it functions as its own CA.

1 Like

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.