On 07/04/2023 10:29, Boyu Du wrote:
Hi Team,
I enabled mTLS on Prometheus server via web-config:
tls_server_config:
cert_file: <Prometheus server cert>
key_file: <Prometheus server key>
client_auth_type: RequireAndVerifyClientCert
client_ca_file: <CA file that singed server cert above>
This worked fine since all my underlying Prometheus Agent and Grafana
could talk with this server successfully. However, when I tried to
check the targets it monitors via browser, it says:
"The connection for this site is not secure. <Prometheus Server>
didn't accept your login certificate, or a login certificate may not
have been provided."
And from the log file of Prometheus Server:
"caller=stdlib.go:105 level=error component=web caller="http: TLS
handshake error from <server I accessed Prometheus Server>" msg="tls:
client didn't provide a certificate""
The server I access the Prometheus Server URL is a windows and it has
cert imported, which is signed by the same CA.
May I know what I missed in the config?
How have you configured the Windows machine? Have you just imported the
CA into Windows, or did you generate a client certificate and import /
configure that too?
--
Stuart Clark
--
You received this message because you are subscribed to the Google Groups
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to prometheus-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/prometheus-users/d11a6665-48db-e1ac-3226-ad101ff7776a%40Jahingo.com.