How do I disable TLS certificate verification in grafana for user login using OAuth

Question

I am trying to setup Grafana using the Azure AD configuration in its OAuth setting and the only way to get it working is by using a certificate. Which is fine except for the part where they will not accept privately signed certificates. Unsurprisingly, it throws the following exception:

Error getting user info: Get https://: x509: certificate signed by unknown authority

Do you know a work around? Or the right setting to make grafana use a privately signed cert?

Answer 1

You can add tls_skip_verify_insecure = true to the [auth.generic_oauth] block.

Answer 2

I try different solutions and only two works for me:

• You can set tls_skip_verify_insecure = true in grafana.ini file, but is not a good solution because is not secure like is said in the documentation of Grafana (https://grafana.com/docs/grafana/latest/auth/generic-oauth/):

"tls_skip_verify_insecure controls whether a client verifies the server’s certificate chain and host name. If it is true, then SSL/TLS accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks."

• The other solution, and the one that I´m currently using, is adding my CA (the one that I use to sign my certificates) to the trusted CA's of Grafana in the /etc/ssl/certs/ca-certificates.crt file (adding it at the end of this file).

I hope this helps you, it works for me, but I´m not sure if it's the best solution.