How do I install a certificate in PMM?

jruffer · May 23, 2024, 9:37am

Description:

After installation Chrome complains about the certificate. I would like to install a valid certificate.

Steps to Reproduce:

Connect to the server using Chrome

Version:

percona/pmm-server:2

Logs:

[If applicable, include any relevant log files or error messages]

Expected Result:

[What the user expected to see or happen before the issue occurred]

Actual Result:

[What actually happened when the user encountered the issue]

Additional Information:

[Include any additional information that could be helpful to diagnose the issue, such as browser or device information]

nurlan · May 23, 2024, 10:21am

Hello @jruffer,
it’s written here.

Have a good day.

jruffer · May 23, 2024, 11:02am

Hello @nurlan
A couple of problems:
I don’t have a dhparam.pem.
There is a passphrase set. How would I supply that?
Regards
Jeremy

nurlan · May 23, 2024, 11:43am

Hi again,

skip dhparam.pem
You can tweak nginx configuration inside PMM as it shown in this stackoverflow question Pass cert password to Nginx with https site during restart - Stack Overflow, but it will not survive upgrade, so you will have to tweak it after each upgrade. Another option to use certificate with no passphrase.

I hope it helps you

jruffer · May 23, 2024, 12:19pm

I was able to convert the key to passwordless and create a dhparam.pem but it’s still not right.

The command:
docker exec -it pmm-server chown root.root /srv/nginx/*
returned
chown: cannot access ‘/srv/nginx/*’: No such file or directory
so I used the command for each file explicitly.

Chrome still says it is unsafe.

matthewb · May 23, 2024, 4:11pm

@jruffer
Per the docs, did you mount the path into your container? -v /etc/pmm-certs:/srv/nginx

Please provide all of your commands/steps/output so we can help the best.

jruffer · May 23, 2024, 4:16pm

I used the method for a running image.

docker cp certificate.crt pmm-server:/srv/nginx/certificate.crt
docker cp certificate.key pmm-server:/srv/nginx/certificate.key
docker cp ca-certs.pem pmm-server:/srv/nginx/ca-certs.pem
docker cp dhparam.pem pmm-server:/srv/nginx/dhparam.pem

docker exec -it pmm-server chown root.root /srv/nginx/certificate.crt
docker exec -it pmm-server chown root.root /srv/nginx/certificate.key
docker exec -it pmm-server chown root.root /srv/nginx/ca-certs.pem
docker exec -it pmm-server chown root.root /srv/nginx/dhparam.pem

matthewb · May 23, 2024, 4:21pm

You need to restart the container for the certs to take effect. Or you can restart just nginx and grafana inside the container.

jruffer · May 23, 2024, 4:25pm

Yes, I thought that would be needed.

docker restart pmm-server

Was there anything else I should have done?

jruffer · May 30, 2024, 9:27am

Finally got it sorted. There is a document on the Digicert website that explained that I needed to concatenate 2 files for it to work.

nurlan · May 30, 2024, 9:46am

That’s great @jruffer, could you please share the link? It will be helpful to other users.

jruffer · May 30, 2024, 3:43pm

https://www.digicert.com/kb/csr-ssl-installation/nginx-openssl.htm#create_csr_openssl

Topic		Replies	Views
Trusted certificates (SSL/TLS) instead of self signed cdrtificates PMM 1.x	4	918	December 19, 2019
Error in mounting certificates in pmm-server docker container pmm , percona	4	1372	June 5, 2022
PMM Server/Client Docker SSL Issue PMM 2.x	11	1670	April 6, 2023
Securing PMM using certificates not working PMM 2.x	6	810	November 30, 2022
Remove self signed certificate and replace with our own certs Percona Monitoring and Management (PMM)	2	737	April 19, 2022