esnet / gdg

Grafana Dashboard Manager
https://software.es.net/gdg/

Authentication behind a https client certificate #64

Closed Syndlex closed 2 years ago

Syndlex commented 2 years ago

Our Grafana is running behind a self-signed certificate.

I get this error while executing dash list:

time="2021-11-29T13:39:10+01:00" level=warning msg="Error getting organizations: Get \"https://xxx.xxx/api/orgs\": local error: tls: no renegotiation"
time="2021-11-29T13:39:10+01:00" level=fatal msg="Failed to retrieve dashboardsGet \"https://xxx.xxx/api/search?type=dash-db\": local error: tls: no renegotiation"

safaci2000 commented 2 years ago

@Syndlex did you try setting the ignore_ssl_errors to true?

Syndlex commented 2 years ago

Yes I did.

To correct myself: the entire domain has an authentication behind an HTTPS client certificate. I just looked at the certificate; it is not self-signed.

safaci2000 commented 2 years ago

I don't think that's a standard auth mechanism for Grafana. Can you tell me what auth method you're using from here? It sounds like you're using auth proxy to an internal provider.

GDG is using this SDK, which currently only supports API tokens and Basic Auth. We can certainly put in a pull request, but before doing that, could you confirm your use case?

Syndlex commented 2 years ago

The entire domain is behind a reverse proxy. To get past this reverse proxy you have to send a certificate.

It has nothing to do with the authentication of Grafana. It is a feature within the SSL/TLS stack: https://www.ssltrust.com.au/help/setup-guides/client-certificate-authentication

https://gist.github.com/michaljemala/d6f4e01c4834bf47a9c4

This could be sample code for the connection, but I am not 100% sure. I just looked it up on my phone.

safaci2000 commented 2 years ago

I think this would enable this to work, not 100% sure since I have no environment to test this.

https://stackoverflow.com/questions/57420833/tls-no-renegotiation-error-on-http-request

Seems the same error you were getting. I can add a ticket to make that a configurable boolean behavior you can enable.

I'll get a patch out after the 1st of the year and holiday break and you can let me know if it works for you.

Syndlex commented 2 years ago

I can try it next year. I could try it on a branch. I have no time to contribute myself.

I don't think this alone will work. Like I said, there is an authentication before I get to Grafana.

These would be the steps to add an authentication certificate in Firefox: https://www.client-authentifizierung.de/en/browser/firefox/firefox-under-linux
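
The two changes discussed in this thread, a client certificate for the reverse proxy and opt-in renegotiation, look like this together with Go's standard library. This is an added example, not gdg's code and not written by anyone in the thread; `ProxyTLSOptions`, its field names, and the file names in `main` are hypothetical.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net/http"
)

// ProxyTLSOptions is a hypothetical settings struct, not gdg's real configuration.
type ProxyTLSOptions struct {
	ClientCertFile     string // PEM certificate presented to the reverse proxy
	ClientKeyFile      string // PEM private key matching ClientCertFile
	AllowRenegotiation bool   // opt in only when the proxy renegotiates
}

// NewTLSConfig keeps server certificate verification on and adds the client side.
func NewTLSConfig(o ProxyTLSOptions) (*tls.Config, error) {
	// Renegotiation stays at its zero value, RenegotiateNever, unless opted in below.
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if (o.ClientCertFile == "") != (o.ClientKeyFile == "") {
		return nil, errors.New("client certificate and key must be set together")
	}
	if o.ClientCertFile != "" {
		pair, err := tls.LoadX509KeyPair(o.ClientCertFile, o.ClientKeyFile)
		if err != nil {
			return nil, fmt.Errorf("load client certificate: %w", err)
		}
		cfg.Certificates = []tls.Certificate{pair} // sent when the server requests one
	}
	if o.AllowRenegotiation {
		cfg.Renegotiation = tls.RenegotiateOnceAsClient // one server-initiated renegotiation
	}
	return cfg, nil
}

func NewHTTPClient(o ProxyTLSOptions) (*http.Client, error) {
	cfg, err := NewTLSConfig(o)
	if err != nil {
		return nil, err
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}, nil
}

func main() {
	_, err := NewHTTPClient(ProxyTLSOptions{ClientCertFile: "client.crt", ClientKeyFile: "client.key", AllowRenegotiation: true})
	fmt.Println("client build error:", err)
}
```

With the default `RenegotiateNever`, a server that asks to renegotiate produces the `tls: no renegotiation` error shown in the log above. A transport built this way speaks HTTP/1.1 only, which matters here because HTTP/2 forbids renegotiation.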

github-actions[bot] commented 2 years ago

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] commented 2 years ago

This issue was closed because it has been stalled for 5 days with no activity.