Hi,
I have pmm-server in docker and copied the certificates as per the pmm doc.
The certificates are signed by our company CA.
But the browser shows invalid certificate.
Have a missed anything.
Please suggest.
Followed this:
1 Like
Does the browser show your company certificate in use by PMM? If so, then this is a problem with your browser, not PMM. If PMM is presenting the proper certificate but your browser says invalid, then your browser does not trust the signing CA of your company. You will need to add this CA to your OS’s certificate store.
1 Like
Well I think there is something else as we have other apps using the same signing CA and those work well.
1 Like
Can you confirm that the browser is complaining about your company certificate or is it still receiving the self signed certificate that PMM ships with? You should be able to inspect the certificate through the browser to see the details of the cert (issuer, validity date, domain, etc). This used to be simple in chrome but for whatever reason they made it hard. Here’s a guide to get the info using developer tools and when you view certificate we can confirm PMM is using the right certificate and you should be able to see exactly what isn’t trusted (certificate, issuer, expired, etc).
The most common issue is see is the certificates need to be named exactly as the instructions say or we’ll continue using the untrusted certs. In other worlds if your company crt file was called my.domain.crt and you didn’t rename it to certificate.crt inside the container PMM won’t pick up the new certificate and same for the other files.
1 Like
@ulka01,
Did you confirm that your browser sees the correct certificate? Click on the ‘lock’ icon in your browser and see what certificate is being presented. If you are still seeing the self-signed cert, then the config is not correct and PMM has not loaded the new one.
1 Like
The browser sees the correct certificate.
But it says:
When I click on the lock icon:
I see
On the General tab:
Windows does not have enough information to verify this certificate.
On the Certificate path under status:
The issuer of this certificate could not be found.
So I installed the certificate on my machine.
And now there is a change:
On the Icon, it still mentions the certificate is invalid.
But when I open it in ‘Incognito’ the certificate is valid.
So it seems something is missing from my side.
Don’t know what!!
1 Like
Hi,
Finally got it working, it was issue with my laptop and the way company certificate was installed.
Got it fixed and then it shows valid now.
So the documentation is perfect 
Thanks for the help.
1 Like