Discussion:
[influxdb] Setting up self-signed SSL for use with InfluxDB - failed to parse key PEM data
Victor Hooi
2015-09-03 03:43:33 UTC
I'm running InfluxDB on OSX, which I have working with HTTP. I'm now trying
to enable SSL for both 8083 and 8086, using a self-signed certificate.

I'm following the following guide to generate a self-signed PEM file:

https://msol.io/blog/tech/2014/09/30/create-a-self-signed-ssl-certificate-with-openssl/

Specifically, the commands are:

openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out csr.pem
openssl req -x509 -days 365 -key key.pem -in csr.pem -out certificate.pem
This is the contents of my certificate.pem (I don't have any issues pasting
this, since this is a local test):

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
In my influxdb.conf, I then have:

[admin]
enabled = true
bind-address = ":8083"
https-enabled = true
https-certificate = "/Users/victorhooi/Documents/influxdb_ssl/certificate.pem"
[http]
enabled = true
bind-address = ":8086"
auth-enabled = false
log-enabled = true
write-tracing = false
pprof-enabled = false
https-enabled = true
https-certificate = "/Users/victorhooi/Documents/influxdb_ssl/certificate.pem"
When I try to start up InfluxDB, I get:

influxd -config /usr/local/etc/influxdb.conf
8888888 .d888 888 8888888b. 888888b.
888 d88P" 888 888 "Y88b 888 "88b
888 888 888 888 888 888 .88P
888 88888b. 888888 888 888 888 888 888 888 888 8888888K.
888 888 "88b 888 888 888 888 Y8bd8P' 888 888 888 "Y88b
888 888 888 888 888 888 888 X88K 888 888 888 888
888 888 888 888 888 Y88b 888 .d8""8b. 888 .d88P 888 d88P
8888888 888 888 888 888 "Y88888 888 888 8888888P" 8888888P"
2015/09/03 13:38:02 InfluxDB starting, version 0.9.4-HEAD, branch unknown,
commit b4970d4eb418fc6ea44b3d175f430e162e9dd9c5
2015/09/03 13:38:02 Go version go1.5, GOMAXPROCS set to 4
2015/09/03 13:38:02 Using configuration at: /usr/local/etc/influxdb.conf
[monitor] 2015/09/03 13:38:02 starting monitor service for cluster 0, host
localhost
[monitor] 2015/09/03 13:38:02 'runtime:map[]' registered for monitoring
...
[handoff] 2015/09/03 13:38:02 Using data dir: /usr/local/var/influxdb/hh
[tcp] 2015/09/03 13:38:02 Starting cluster service
[shard-precreation] 2015/09/03 13:38:02 Starting precreation service with
check interval of 10m0s, advance period of 30m0s
[snapshot] 2015/09/03 13:38:02 Starting snapshot service
[admin] 2015/09/03 13:38:02 Starting admin service
[snapshot] 2015/09/03 13:38:02 snapshot listener closed
[tcp] 2015/09/03 13:38:02 cluster service accept error: network connection
closed
[shard-precreation] 2015/09/03 13:38:02 Precreation service terminating
[retention] 2015/09/03 13:38:02 retention policy enforcement terminating
run: open server: open service: crypto/tls: failed to parse key PEM data
I'm guessing I went wrong somewhere with the PEM key generation, and
InfluxDB isn't liking this particular format somehow - any thoughts?

Thanks,
Victor
--
Remember to include the InfluxDB version number with all issue reports
---
You received this message because you are subscribed to the Google Groups "InfluxDB" group.
To unsubscribe from this group and stop receiving emails from it, send an email to influxdb+***@googlegroups.com.
To post to this group, send email to ***@googlegroups.com.
Visit this group at http://groups.google.com/group/influxdb.
To view this discussion on the web visit https://groups.google.com/d/msgid/influxdb/a276896b-a713-4fe1-b2a4-1a151fa0628a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Victor Hooi
2015-09-03 04:13:51 UTC
Hi Todd,

I can confirm that worked =):

cat key.pem certificate.pem > blah.pem


And so now I have:

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Not sure if the ordering matters but the above worked.

Just curious how you knew it was the above? Is this just something that you
normally need to do, or is it documented somewhere? (I do recall that
Grafana asks you for a separate cert file and cert key.)

Thanks,
Victor
Victor,
I believe you'll need to concatenate the key and certificate into a single
file. Let me know if that doesn't work.
Todd
Victor Hooi
2015-09-03 04:49:57 UTC
Hi,

Aha, yes, OK, I can see why you would know it quite intimately then =).

I'm also attempting to use the Influx CLI utility to connect to localhost -
however, I'm getting an error message about the certificate not being valid.
Connected to https://localhost:8086 version
InfluxDB shell 0.9.4-HEAD
show databases
certificate is valid for , not localhost
The above error seemed to be related to me not setting the Common Name to
the server FQDN when I ran openssl req -new -key key.pem -out csr.pem. I
re-ran the commands, and set it as follows:

Common Name (e.g. server FQDN or YOUR name) []:localhost
Connected to https://localhost:8086 version
InfluxDB shell 0.9.4-HEAD
show databases
certificate signed by unknown authority
Also, I see the following in the influxdb server logs:

2015/09/03 14:46:28 http: TLS handshake error from [::1]:49627: remote
error: bad certificate
Is there some option to ignore the "certificate signed by unknown authority" error
message?

Basically, is it possible to get InfluxDB CLI to work with self-signed
certificates?

Thanks,
Victor
Victor,
Unfortunately, I had an unfair advantage. I'm pretty sure I wrote the most
recent version of the HTTPS support, so I didn't need the docs. ;)
I'm not sure this is clearly documented anywhere yet, but it should be.
https://github.com/influxdb/influxdb.com/issues/284
Thanks for letting us know that you'd gotten it to work!
Todd
Victor Hooi
2015-09-03 21:03:52 UTC
Hi,

Hmm, wait, is InsecureSkipVerify a code change? Or you mentioned a config
setting - do you mean it's possible to set this on the fly within Influx? I
didn't realise one was exposed.

Thanks,
Victor
Victor,
I'm not sure I've tried that recently, but I'm pretty sure Go's TLS
library checks for insecure certificates by default. I'll see if there's a
true` manually or with a config setting.
Todd
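Added example (not code from this thread or from InfluxDB) covering both problems discussed above: loading one PEM file as certificate and key, and the two client-side verification errors. It assumes the server hands its single configured file to Go's crypto/tls as both inputs; selfSigned, loadSingleFile and clientCheck are hypothetical helper names, and the certificates are generated in memory as constructed sample data. It also shows the alternative to skipping verification: the client trusts exactly the self-signed certificate.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// selfSigned returns a throwaway self-signed certificate and RSA key as PEM
// (constructed sample data standing in for the thread's openssl output).
// cn sets the Common Name; dnsNames fill subjectAltName, which current Go
// releases match host names against instead of the Common Name.
func selfSigned(cn string, dnsNames ...string) (certPEM, keyPEM []byte, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              dnsNames,
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{
		Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	return certPEM, keyPEM, nil
}

// loadSingleFile models the assumed server behaviour: one configured PEM file
// is used as both the certificate input and the key input.
func loadSingleFile(pemData []byte) error {
	_, err := tls.X509KeyPair(pemData, pemData)
	return err
}

// clientCheck reports how a verifying client judges certPEM for host when it
// trusts only the certificates in trustPEM (nil means it trusts nothing).
func clientCheck(certPEM []byte, host string, trustPEM []byte) string {
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return "no PEM data"
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err.Error()
	}
	roots := x509.NewCertPool() // explicit pool: the system store is never consulted
	roots.AppendCertsFromPEM(trustPEM)
	_, err = cert.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	var hostErr x509.HostnameError
	var caErr x509.UnknownAuthorityError
	switch {
	case err == nil:
		return "ok"
	case errors.As(err, &hostErr):
		return "hostname mismatch"
	case errors.As(err, &caErr):
		return "unknown authority"
	}
	return err.Error()
}

func main() {
	cert, key, err := selfSigned("localhost", "localhost")
	if err != nil {
		panic(err)
	}
	keyThenCert := append(append([]byte{}, key...), cert...)
	certThenKey := append(append([]byte{}, cert...), key...)
	fmt.Println("certificate only:", loadSingleFile(cert))
	fmt.Println("key then cert:   ", loadSingleFile(keyThenCert))
	fmt.Println("cert then key:   ", loadSingleFile(certThenKey))

	fmt.Println("trusting nothing:   ", clientCheck(cert, "localhost", nil))
	fmt.Println("trusting this cert: ", clientCheck(cert, "localhost", cert))
	fmt.Println("wrong host name:    ", clientCheck(cert, "influxdb.example", cert))
	cnOnly, _, _ := selfSigned("localhost") // Common Name only, no subjectAltName
	fmt.Println("CN-only certificate:", clientCheck(cnOnly, "localhost", cnOnly))
}
```

The order of the key and certificate blocks in the combined file does not affect loading, because crypto/tls skips PEM blocks of the wrong type on each pass.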
Post by Victor Hooi
Hi,
Aha, yes, OK, I can see why you would know it quite intimately then =).
I'm also attempting to use the Influx CLI utility to connect to localhost
- however, I'm getting an error message about the certificate not being
valid.
Connected to https://localhost:8086 version
InfluxDB shell 0.9.4-HEAD
show databases
certificate is valid for , not localhost
The above error seemed to be related to be not setting the Common Name to
the server FQDN when I ran openssl req -new -key key.pem -out csr.pem. I
Common Name (e.g. server FQDN or YOUR name) []:localhost
Connected to https://localhost:8086 version
InfluxDB shell 0.9.4-HEAD
show databases
certificate signed by unknown authority
2015/09/03 14:46:28 http: TLS handshake error from [::1]:49627: remote
error: bad certificate
Is there some option to ignore the "certificate signed by unknown
authority" error message?
Basically, is it possible to get InfluxDB CLI to work with self-signed
certificates?
Thanks,
Victor
Victor,
Unfortunately, I had an unfair advantage. I'm pretty sure I wrote the
most recent version of the HTTPS support, so I didn't need the docs. ;)
I'm not sure this is clearly documented anywhere yet, but it should be.
https://github.com/influxdb/influxdb.com/issues/284
<https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Finfluxdb%2Finfluxdb.com%2Fissues%2F284&sa=D&sntz=1&usg=AFQjCNHXCWO9KFiJ7GgjOiWwU84kk6fmCQ>
Thanks for letting us know that you'd gotten it to work!
Todd
Hi Todd,
cat key.pem certificate.pem > blah.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAqpVO2w8tREtyNdaCph6Jqj6tcSaqlQyUFtwewWnsftyYkYI4
G2lgOdybXAAndCwrEeD6u3ktdZ+P/sykPFOw7E11nIEFJWJxoq0daeoUUO7oPQFa
uZbZnPDgG75eajL55JiDElH0MK87wOyBKj5RHjUMaEZiuWzGZ2/bU7FMTsiVS5CY
JUKmIgLrn6ZLMaFJLzvA+RqSbY+ENfOwm9fzIMrrv+E1ctYBmfqWmy6k6MugbQyE
9XsZyFhLgc35/5A7xSImGhrn25U2HPkrsp3jvKZ5kk93aphlFBKz+OkXHejUZkxS
v1WJYrhFGzYOi+aYGUWQt/cTjvNdSbhDewnyoQIDAQABAoIBAGq/jN1hHf7DB/HR
D2lNavDy0C8i91TWzkWP8l8vHiQ1f/Ru/RWKWAFdoItuPUJh8YH6vG1dY6lb9QyK
m6x04x69SoBp7QJ8HIiktOd26MfM+eBTXKcPU5b21ggGlab3x5HaLwvj5WAiCM6u
MhZxcOnqYJ1Qjq9i9rX8NdCl/w69Sb7zwa1bKUg5VXZLOoMDhZ9Q2JItOifRR87n
Lyqu1sbaSxz6nQ/WF39II//LUgVOguNVxcl4uN5AjG49Sdm5ARgptr/Zk4R59qiq
xw0LY3FlhZyohiNfTh+IZB0XdLB7JG5KdBD+UvFhfr/TedPSwbPdKyNN/fimDvHj
NBniFAECgYEA06KsyoiY3c7CKyspQiaOJE6E3Kj8O7RLuFKZnhfam8yypczNxCJ8
mh8t4wzSEBhtpGFriFlwfvpmapkehDrPVyoDPpwJQlXEwzdKt66xWeUwGGATYJms
j6I+zsJTPTCNT67Ixo6Xwy7g+2Xk2maX8dbZibTvjBAUzlnRrtZM6ZECgYEAzleV
bHpzj1OPqoKdvSApCYt1DRehBVIMpM/CDWkPrwgVqg1Ojgl+lg/c1dzqiixsA/lM
SYql1871rpSU1+ANDb8VH5yHOevmgFBP5mVvWCZbMgR6vfrCU73XKx1+sc2y4Hdm
+BtagCsTCUgkU0kbrfu4Ax0jorgyR5P6niZPcBECgYBDTC92GAnEPsMvxwHPr0Lz
+KP3JyVONv79FgcTZrJ1aJpGbuHfxLeqqs+Eq8cAp0P2SaRQL2C+gBGhRB+YHLti
FFIDzsqC9ZMkIKj5z+tFksPAfIys4zEkW4ttZA3kH1RQSlw+B4nq3zVbvAMSEB2x
IYj7aTXjbBmxpI4w8qRygQKBgDXRKBrL8TnvnGfne0apjap8ogHRKOEfXkbaHQ2s
WjfXjvb0U4m+NjLjXkC1RsLVBTMgIWKI8+pOg0uOWyfWuvDb5qGBDM/xlAPhboVz
7U97aYupGW5Vabu3ptgK8FFligL7gXKyh68oDOX91+OVDNAa+Apv3iyBiDOdB9+Z
tFxRAoGBAIakKNqQF9++oSbYUVE8oLgM4xSsS9h5uqnj9spaekXa+TkX4h4f/9K6
Yvafq0vGebO0O9jRaNX1h2Q204x/8CBiRvuPZfpKk6Gwjf/2PHf2NSDpm/OaYXB/
1DQj+dYm6P/M/8PmetS/XXyJ5efM9100p2LSBsF/imL/QZOT2pKs
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDoDCCAoigAwIBAgIJAMn2Y4OQRukTMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNV
BAYTAkFVMQwwCgYDVQQIEwNOU1cxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMg
UHR5IEx0ZDAeFw0xNTA5MDMwMzM2NDRaFw0xNjA5MDIwMzM2NDRaMD4xCzAJBgNV
BAYTAkFVMQwwCgYDVQQIEwNOU1cxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMg
UHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKqVTtsPLURL
cjXWgqYeiao+rXEmqpUMlBbcHsFp7H7cmJGCOBtpYDncm1wAJ3QsKxHg+rt5LXWf
j/7MpDxTsOxNdZyBBSVicaKtHWnqFFDu6D0BWrmW2Zzw4Bu+Xmoy+eSYgxJR9DCv
O8DsgSo+UR41DGhGYrlsxmdv21OxTE7IlUuQmCVCpiIC65+mSzGhSS87wPkakm2P
hDXzsJvX8yDK67/hNXLWAZn6lpsupOjLoG0MhPV7GchYS4HN+f+QO8UiJhoa59uV
Nhz5K7Kd47ymeZJPd2qYZRQSs/jpFx3o1GZMUr9ViWK4RRs2DovmmBlFkLf3E47z
XUm4Q3sJ8qECAwEAAaOBoDCBnTAdBgNVHQ4EFgQU2DI6wxURUk/fIbHDBAXPngtW
PqswbgYDVR0jBGcwZYAU2DI6wxURUk/fIbHDBAXPngtWPquhQqRAMD4xCzAJBgNV
BAYTAkFVMQwwCgYDVQQIEwNOU1cxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMg
UHR5IEx0ZIIJAMn2Y4OQRukTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
ggEBAJGOC/uN2zipovwg2TyFDGhhup263uw6DaaAljD2nInzmjyqjNqvAQv4j16+
USBSASxlAc3FSbcBGpRiA3rYQWoiqsP4WDdP77G8PkxFbmFsCfqoZ3kXQHqd4kVT
Kf0jCqZ6tKTQ6i/H8OSsrfI196TuXV460QLj2dM/wfkaTidx1Qtt7vFA7AH8HJG1
a2d4zsWRLr3AfM6a2Jz2u/lUVpCvL4/25nSvhn8zmYVg+fd2x1jDWz6+jgw/GNra
Zmcx9MYMIa/bcPfFmNAV6bneCQWCG+Oe3DJZ1gNaCHvKiqWvaZd6SBQtANrrQYog
W9f5o7RYmjYl08iARwD0hbwZNSQ=
-----END CERTIFICATE-----
Not sure if the ordering matters but the above worked.
Just curious how you knew it was the above? Is this just something that
you normally need to do, or is it documented somewhere? (I do recall that
Grafana asks you for a separate cert file and cert key.)
Thanks,
Victor
Victor,
I believe you'll need to concatenate the key and certificate into a
single file. Let me know if that doesn't work.
Todd
Post by Victor Hooi
I'm running InfluxDB on OSX, which I have working with HTTP. I'm now
trying to enable SSL for both 8083 and 8086, using a self-signed
certificate.
https://msol.io/blog/tech/2014/09/30/create-a-self-signed-ssl-certificate-with-openssl/
openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out csr.pem
openssl req -x509 -days 365 -key key.pem -in csr.pem -out certificate.pem
This is the contents of my certificate.pem (I don't have any issues
-----BEGIN CERTIFICATE-----
MIIDoDCCAoigAwIBAgIJAMn2Y4OQRukTMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNV
BAYTAkFVMQwwCgYDVQQIEwNOU1cxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMg
UHR5IEx0ZDAeFw0xNTA5MDMwMzM2NDRaFw0xNjA5MDIwMzM2NDRaMD4xCzAJBgNV
BAYTAkFVMQwwCgYDVQQIEwNOU1cxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMg
UHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKqVTtsPLURL
cjXWgqYeiao+rXEmqpUMlBbcHsFp7H7cmJGCOBtpYDncm1wAJ3QsKxHg+rt5LXWf
j/7MpDxTsOxNdZyBBSVicaKtHWnqFFDu6D0BWrmW2Zzw4Bu+Xmoy+eSYgxJR9DCv
O8DsgSo+UR41DGhGYrlsxmdv21OxTE7IlUuQmCVCpiIC65+mSzGhSS87wPkakm2P
hDXzsJvX8yDK67/hNXLWAZn6lpsupOjLoG0MhPV7GchYS4HN+f+QO8UiJhoa59uV
Nhz5K7Kd47ymeZJPd2qYZRQSs/jpFx3o1GZMUr9ViWK4RRs2DovmmBlFkLf3E47z
XUm4Q3sJ8qECAwEAAaOBoDCBnTAdBgNVHQ4EFgQU2DI6wxURUk/fIbHDBAXPngtW
PqswbgYDVR0jBGcwZYAU2DI6wxURUk/fIbHDBAXPngtWPquhQqRAMD4xCzAJBgNV
BAYTAkFVMQwwCgYDVQQIEwNOU1cxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMg
UHR5IEx0ZIIJAMn2Y4OQRukTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
ggEBAJGOC/uN2zipovwg2TyFDGhhup263uw6DaaAljD2nInzmjyqjNqvAQv4j16+
USBSASxlAc3FSbcBGpRiA3rYQWoiqsP4WDdP77G8PkxFbmFsCfqoZ3kXQHqd4kVT
Kf0jCqZ6tKTQ6i/H8OSsrfI196TuXV460QLj2dM/wfkaTidx1Qtt7vFA7AH8HJG1
a2d4zsWRLr3AfM6a2Jz2u/lUVpCvL4/25nSvhn8zmYVg+fd2x1jDWz6+jgw/GNra
Zmcx9MYMIa/bcPfFmNAV6bneCQWCG+Oe3DJZ1gNaCHvKiqWvaZd6SBQtANrrQYog
W9f5o7RYmjYl08iARwD0hbwZNSQ=
-----END CERTIFICATE-----
[admin]
enabled = true
bind-address = ":8083"
https-enabled = true
https-certificate =
"/Users/victorhooi/Documents/influxdb_ssl/certificate.pem"
[http]
enabled = true
bind-address = ":8086"
auth-enabled = false
log-enabled = true
write-tracing = false
pprof-enabled = false
https-enabled = true
https-certificate =
"/Users/victorhooi/Documents/influxdb_ssl/certificate.pem"
influxd -config /usr/local/etc/influxdb.conf
8888888 .d888 888 8888888b. 888888b.
888 d88P" 888 888 "Y88b 888 "88b
888 888 888 888 888 888 .88P
888 88888b. 888888 888 888 888 888 888 888 888 8888888K.
888 888 "88b 888 888 888 888 Y8bd8P' 888 888 888 "Y88b
888 888 888 888 888 888 888 X88K 888 888 888 888
888 888 888 888 888 Y88b 888 .d8""8b. 888 .d88P 888 d88P
8888888 888 888 888 888 "Y88888 888 888 8888888P" 8888888P"
2015/09/03 13:38:02 InfluxDB starting, version 0.9.4-HEAD, branch
unknown, commit b4970d4eb418fc6ea44b3d175f430e162e9dd9c5
2015/09/03 13:38:02 Go version go1.5, GOMAXPROCS set to 4
/usr/local/etc/influxdb.conf
[monitor] 2015/09/03 13:38:02 starting monitor service for cluster
0, host localhost
[monitor] 2015/09/03 13:38:02 'runtime:map[]' registered for monitoring
...
/usr/local/var/influxdb/hh
[tcp] 2015/09/03 13:38:02 Starting cluster service
[shard-precreation] 2015/09/03 13:38:02 Starting precreation service
with check interval of 10m0s, advance period of 30m0s
[snapshot] 2015/09/03 13:38:02 Starting snapshot service
[admin] 2015/09/03 13:38:02 Starting admin service
[snapshot] 2015/09/03 13:38:02 snapshot listener closed
[tcp] 2015/09/03 13:38:02 cluster service accept error: network
connection closed
[shard-precreation] 2015/09/03 13:38:02 Precreation service terminating
[retention] 2015/09/03 13:38:02 retention policy enforcement terminating
run: open server: open service: crypto/tls: failed to parse key PEM data
I'm guessing I went wrong somewhere with the PEM key generation, and
InfluxDB isn't liking this particular format somehow - any thoughts?
Thanks,
Victor
--
Remember to include the InfluxDB version number with all issue reports
---
You received this message because you are subscribed to the Google
Groups "InfluxDB" group.
To unsubscribe from this group and stop receiving emails from it,
Visit this group at http://groups.google.com/group/influxdb.
To view this discussion on the web visit
https://groups.google.com/d/msgid/influxdb/a276896b-a713-4fe1-b2a4-1a151fa0628a%40googlegroups.com
<https://groups.google.com/d/msgid/influxdb/a276896b-a713-4fe1-b2a4-1a151fa0628a%40googlegroups.com?utm_medium=email&utm_source=footer>
.
For more options, visit https://groups.google.com/d/optout.
Victor Hooi
2015-09-13 13:07:18 UTC
FYI - I raised a Github issue for this:

https://github.com/influxdb/influxdb/issues/4090
Post by Victor Hooi
Hi,
Hmm, wait, is InsecureSkipVerify a code change? Or you mentioned a config
setting - do you mean it's possible to set this on the fly within Influx? I
didn't realise one was exposed.
Thanks,
Victor
Victor,
I'm not sure I've tried that recently, but I'm pretty sure Go's TLS
library checks for insecure certificates by default. I'll see if there's a
true` manually or with a config setting.
Todd
Post by Victor Hooi
Hi,
Aha, yes, OK, I can see why you would know it quite intimately then =).
I'm also attempting to use the Influx CLI utility to connect to
localhost - however, I'm getting an error message about the certificate not
being valid.
Connected to https://localhost:8086 version
InfluxDB shell 0.9.4-HEAD
show databases
certificate is valid for , not localhost
The above error seemed to be related to not setting the Common Name
to the server FQDN when I ran openssl req -new -key key.pem -out csr.pem.
Common Name (e.g. server FQDN or YOUR name) []:localhost
Connected to https://localhost:8086 version
InfluxDB shell 0.9.4-HEAD
show databases
certificate signed by unknown authority
2015/09/03 14:46:28 http: TLS handshake error from [::1]:49627: remote
error: bad certificate
Is there some option to ignore the "certificate signed by unknown
authority" error message?
Basically, is it possible to get InfluxDB CLI to work with self-signed
certificates?
Thanks,
Victor
Victor,
Unfortunately, I had an unfair advantage. I'm pretty sure I wrote the
most recent version of the HTTPS support, so I didn't need the docs. ;)
I'm not sure this is clearly documented anywhere yet, but it should be.
https://github.com/influxdb/influxdb.com/issues/284
Thanks for letting us know that you'd gotten it to work!
Todd
Hi Todd,
cat key.pem certificate.pem > blah.pem
Not sure if the ordering matters but the above worked.
Just curious how you knew it was the above? Is this just something
that you normally need to do, or is it documented somewhere? (I do recall
that Grafana asks you for a separate cert file and cert key.)
Thanks,
Victor
Victor,
I believe you'll need to concatenate the key and certificate into a
single file. Let me know if that doesn't work.
Todd
Post by Victor Hooi
I'm running InfluxDB on OSX, which I have working with HTTP. I'm now
trying to enable SSL for both 8083 and 8086, using a self-signed
certificate.
https://msol.io/blog/tech/2014/09/30/create-a-self-signed-ssl-certificate-with-openssl/
openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out csr.pem
openssl req -x509 -days 365 -key key.pem -in csr.pem -out certificate.pem
This is the contents of my certificate.pem (I don't have any issues
[admin]
enabled = true
bind-address = ":8083"
https-enabled = true
https-certificate =
"/Users/victorhooi/Documents/influxdb_ssl/certificate.pem"
[http]
enabled = true
bind-address = ":8086"
auth-enabled = false
log-enabled = true
write-tracing = false
pprof-enabled = false
https-enabled = true
https-certificate =
"/Users/victorhooi/Documents/influxdb_ssl/certificate.pem"
influxd -config /usr/local/etc/influxdb.conf
8888888 .d888 888 8888888b. 888888b.
888 d88P" 888 888 "Y88b 888 "88b
888 888 888 888 888 888 .88P
888 88888b. 888888 888 888 888 888 888 888 888 8888888K.
888 888 "88b 888 888 888 888 Y8bd8P' 888 888 888 "Y88b
888 888 888 888 888 888 888 X88K 888 888 888 888
888 888 888 888 888 Y88b 888 .d8""8b. 888 .d88P 888 d88P
8888888 888 888 888 888 "Y88888 888 888 8888888P" 8888888P"
2015/09/03 13:38:02 InfluxDB starting, version 0.9.4-HEAD, branch
unknown, commit b4970d4eb418fc6ea44b3d175f430e162e9dd9c5
2015/09/03 13:38:02 Go version go1.5, GOMAXPROCS set to 4
/usr/local/etc/influxdb.conf
[monitor] 2015/09/03 13:38:02 starting monitor service for cluster
0, host localhost
[monitor] 2015/09/03 13:38:02 'runtime:map[]' registered for monitoring
...
/usr/local/var/influxdb/hh
[tcp] 2015/09/03 13:38:02 Starting cluster service
[shard-precreation] 2015/09/03 13:38:02 Starting precreation
service with check interval of 10m0s, advance period of 30m0s
[snapshot] 2015/09/03 13:38:02 Starting snapshot service
[admin] 2015/09/03 13:38:02 Starting admin service
[snapshot] 2015/09/03 13:38:02 snapshot listener closed
[tcp] 2015/09/03 13:38:02 cluster service accept error: network
connection closed
[shard-precreation] 2015/09/03 13:38:02 Precreation service terminating
[retention] 2015/09/03 13:38:02 retention policy enforcement terminating
run: open server: open service: crypto/tls: failed to parse key PEM data
I'm guessing I went wrong somewhere with the PEM key generation, and
InfluxDB isn't liking this particular format somehow - any thoughts?
Thanks,
Victor
n***@gmail.com
2016-07-16 02:05:57 UTC
I'm also trying to get SSL/TLS working for my InfluxDB server. I created my server key and certs almost identically to how Victor created his. I can successfully connect locally using the CLI client using `influx --ssl -unsafeSsl`, but my requirement is to connect via any HTTPS client _without_ forcing an insecure connection. I tried connecting to my server using `curl` but I get an error. I filed the details here: https://github.com/influxdata/influxdb/issues/4090#issuecomment-232987018
Nathan Murthy
2016-07-18 06:50:29 UTC
That's correct. Problem solved using

curl -k --key client.key --cert client.pem ...
d***@gmail.com
2015-10-01 07:45:33 UTC
Hi
I have a certificate signed by an authority.
Where do I add the root CA to trusted authorities so the influx client will trust it?
I am using CentOS 7 OS

Thanks Dima
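Added example, not part of the thread and not InfluxDB's code: a Go sketch of the two points discussed above, Todd's advice to concatenate key and certificate into one file, and the later questions about getting a client to trust the certificate without switching verification off. It assumes the server hands the single https-certificate file to crypto/tls as both certificate and key; the helper names (selfSigned, loadSingleFile, verifyAs), the host db.example and the throwaway certificate are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// selfSigned builds a constructed throwaway RSA key and self-signed certificate for host.
func selfSigned(host string) (certPEM, keyPEM []byte) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // Go 1.15+ matches the host against SANs, not the CN
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
}

// loadSingleFile hands the same PEM bytes to crypto/tls as certificate and as key.
func loadSingleFile(pemData []byte) error {
	_, err := tls.X509KeyPair(pemData, pemData)
	return err
}

// verifyAs validates certPEM for host, trusting only the certificates in trustedPEM.
func verifyAs(certPEM []byte, host string, trustedPEM []byte) error {
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return fmt.Errorf("no PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AppendCertsFromPEM(trustedPEM) // empty input leaves the pool empty
	_, err = cert.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err
}

func main() {
	certPEM, keyPEM := selfSigned("localhost")
	fmt.Println("certificate only: ", loadSingleFile(certPEM))
	fmt.Println("key + certificate:", loadSingleFile(append(keyPEM, certPEM...)))
	fmt.Println("empty trust pool: ", verifyAs(certPEM, "localhost", nil))
	fmt.Println("pinned trust pool:", verifyAs(certPEM, "localhost", certPEM))
	fmt.Println("wrong host name:  ", verifyAs(certPEM, "db.example", certPEM))
}
```

Trusting the certificate itself keeps the host name check active, which skipping verification does not. In this Go API the key and certificate blocks load in either order.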
n***@gmail.com
2016-07-16 02:05:34 UTC
I'm also trying to get SSL/TLS working for my InfluxDB server. I created my server key and certs almost identically to how Victor created his. I can successfully connect locally using the CLI client using `influx --ssl -unsafeSsl`, but my requirement is to connect via any HTTPS client _without_ forcing an insecure connection. I tried connecting to my server using `curl` but I get an error. I filed the details here: https://github.com/influxdata/influxdb/issues/4090#issuecomment-232987018