Influxdb: Unable to connect to Influx CLI when using self-signed certificate

Created on 13 Sep 2015  路  7Comments  路  Source: influxdata/influxdb

This is related to this discussion:

https://groups.google.com/d/topic/influxdb/onlhVW9WJ-A/discussion

I have setup an InfluxDB server with a self-signed certificate.

I am able to insert data using influxdb-python, since my default verify_ssl is set to False (although it does print annoying warnings, which can't be suppressed (see https://github.com/influxdb/influxdb-python/issues/240).

However, if I try to use the Influx CLI to connect, I get the following error message:

victorhooi@thadeus ~/t/CS-22748> influx --ssl
Connected to https://localhost:8086 version
InfluxDB shell 0.9.4-HEAD
> show databases
ERR: Get https://localhost:8086/query?db=&q=show+databases: x509: certificate signed by unknown authority

There does not seem to be any way to overrride this, or even connect at all.

picture victorhooi

Most helpful comment

Hey all.

So, in shell version 0.12.1, they added a totally undocumented feature, 'unsafeSsl'. It appears to work.

picture brewneaux on 25 Apr 2016
🎉4 👍3

All 7 comments

@toddboom

rkuchan picture rkuchan on 14 Sep 2015

+1

ChrisGute picture ChrisGute on 12 Feb 2016

Hey all.

So, in shell version 0.12.1, they added a totally undocumented feature, 'unsafeSsl'. It appears to work.

brewneaux picture brewneaux on 25 Apr 2016
🎉4 👍3

+1 is there an override for this?

AnthIste picture AnthIste on 2 Jun 2016

This has been resolved with https://github.com/influxdata/influxdb/pull/5284, where you can now use the -unsafeSsl CLI flag.

Edit: to use the -unsafeSsl flag you will also need to use the -ssl flag, so the the command should look like:

influx -ssl -unsafeSsl ....
rossmcdonald picture rossmcdonald on 2 Jun 2016
🎉4 👍1

I'm having a similar issue connecting to InfluxDB server (running 0.13.0) when https-enabled = true in my config. I generated a self-signed certificate following these instructions: http://dst.lbl.gov/~boverhof/openssl_certs.html, and concatenated my server key and server cert into one PEM file. I could successfully connect using the CLI with influx -ssl -unsafeSsl, but when I used cURL I would get this error:

$ curl -i --cacert client.pem -GET 'https://host:8086/query?pretty=true&db=mydb' --data-urlencode "q=SELECT * FROM measurement;"
curl: (58) unable to use client certificate (no key found or wrong pass phrase?)

I've tried -k to force a connection as well as all sorts of combinations of client keys and client certs passed into curl using the --certs and --cacerts option. When using a self-signed server key and cert, what exactly does InfluxDB server expect from the client making a HTTPS request? Also, how do I actually use the influx CLI over HTTPS _without_ the -unsafeSsl flag?

natemurthy picture natemurthy on 15 Jul 2016

Looks like I was just passing the wrong flags to curl, what I needed was:

$ curl -k --key client.key --cert client.pem 'https://host:8086/query?pretty=true&db=mydb' --data-urlencode "q=SELECT * FROM measurement;"

to force an unsafe SSL/TLS connection.

natemurthy picture natemurthy on 17 Jul 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Raniz85 picture Raniz85  路  3Comments
robinjha picture robinjha  路  3Comments
allenbunny picture allenbunny  路  3Comments
shilpapadgaonkar picture shilpapadgaonkar  路  3Comments
affo picture affo  路  3Comments