On 07/04/2023 10:29, Boyu Du wrote:
Hi Team,
I enabled mTLS on Prometheus server via web-config:
tls_server_config:
cert_file: <Prometheus server cert>
key_file: <Prometheus server key>
client_auth_type: RequireAndVerifyClientCert
client_ca_file: <CA file that singed server cert above>
This worked fine since all my underlying Prometheus Agent and Grafana
could talk with this server successfully. However, when I tried to
check the targets it monitors via browser, it says:
"The connection for this site is not secure. <Prometheus Server>
didn't accept your login certificate, or a login certificate may not
have been provided."
And from the log file of Prometheus Server:
"caller=stdlib.go:105 level=error component=web caller="http: TLS
handshake error from <server I accessed Prometheus Server>" msg="tls:
client didn't provide a certificate""
The server I access the Prometheus Server URL is a windows and it has
cert imported, which is signed by the same CA.
May I know what I missed in the config?
How have you configured the Windows machine? Have you just imported the
CA into Windows, or did you generate a client certificate and import /
configure that too?
--
Stuart Clark
--
You received this message because you are subscribed to the Google Groups
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/prometheus-users/d11a6665-48db-e1ac-3226-ad101ff7776a%40Jahingo.com.
