Hi there Willem, > Of course the certificate check fails, as the certificate is > created by our private CA for the fqdn name of the InfluxDB server.
It's a basic principle of PKI that if the CA cert is not in the local trusted CA cert bundle, the user needs to take manual action to bypass the cert check. (That's the way browsers and clients like cURL work as well.) > The influx cli should automatically detect: > 1. That the server uses https > 2. That the hostname is not localhost This can never safely be done automatically, because it means that if someone compromises DNS (or if your DNS server is simply managed by an untrusted party, like on a public network) you would connect to *any* malicious site without any warning. Even using -unsafeSsl is questionable for the same reason, since it doesn't care what cert is in use. Adding the CA cert to your OS's cert store is a better call. -- Sanford -- Remember to include the version number! --- You received this message because you are subscribed to the Google Groups "InfluxData" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/influxdb. To view this discussion on the web visit https://groups.google.com/d/msgid/influxdb/996569240.20170126181112%40figureone.com. For more options, visit https://groups.google.com/d/optout.
