I have set up a pmm-server (with the 1.1.1 Docker image) with my wildcard SSL certificate bought from Thawte and the user/password protection.
Access to the pmm-server web pages is OK and the web browser trusts the Thawte certificate, but when I try to connect a pmm-client to the pmm-server, I always get the following message:
Looks like PMM server running with self-signed SSL certificate.
Use ‘pmm-admin config’ with --server-insecure-ssl flag.
curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
As suggested, I have read the http://curl.haxx.se/docs/sslcerts.html web page and understand that curl doesn't have all CAs in its CA bundle (but a new web browser has them).
Maybe you could extract a CA bundle from a new web browser and put it in the next pmm-client package (as explained in the last point of the web page)?