API DataSource Self Signed Certificate Issue

I am fumbling my way slowly through most issues I have encountered, but this one has been a doozy and I’m not educated enough in all of the aspects to really sort this one on my own. So, I figured I would bring it to the community!

I am currently using Grafana Cloud with the Infinity Plugin to make API calls to multiple locations to build a dashboard for my MSP, that can be used to present live network and device health statistics to our clients. I would like to add some information from Their Unifi Systems, and have been tinkering with the Unifi Controller API. I can access it via Powershell or anything else, so I know that the API connection is working correctly. However the controller uses a self-signed certificate. I am trying to configure the datasource for the API connection to the controller, but in Grafana if I tell it to ignore TLS it gives an error, if I connect directly it says it can’t establish a secure connection. I do see the Use CA Certificate option but I’m unsure of what to input or where to get it from, in the box it produces. Has anyone used Grafana to make API connections to a Unifi Controller ? Any assistance would be very appreciated.

welcome @supportb11a

where are you seeing certificate configuration on this plugin?

oh here

If you have access to the cert ie id_rsa then you get the data from it and post it in above CA Cert

Would that work with the Unifi Controller requiring a UN/PW to login to the API. It’s just basic authentication. This is the part I was intending to use, but I’m unsure of what needs to go into the CA Cert box. I’m working to see about pulling the cert from the controller now, I suppose it may be more clear once I can access the certificate.

nothing in that case if it is basic uname, password but depends on their setup

Thats what it’s starting to look like. Although with basic auth I have the option for CA Certificate. Guess I just gotta get my hands on the certificate. I know via powershell I can

Invoke-RestMethod -Uri https://x.x.x.x:8443/api -headers $logininfo -SkipCertificateCheck and it works.

So Hopefully once I can grab that self signed cert off the device I can use the CA Cert option to get this working correctly

1 Like

i am confused. doee basic auth not work?

Basic Auth does not work, because the Unifi Controller has a self-signed certificate. So it throws an error about needing to establish a secured connection. If you tell it to skip tls it gives a 400 error. I have to tell my powershell scripts that interface with it to -SkipCertificateCheck but with Grafana cloud I haven’t found the way to get it to ignore the self-signed certificate. Well I see the way, I just need to get ahold of the cert off the controller now. Then I suppose I just paste the cert into the box for CA Certificate. (this was so much easier on the self-hosted grafana lol)

1 Like

That’s Skip TLS Verify in Grafana.

hi, @supportb11a , i have just tried the following scenario:

  • have a website with self-signed certificate and http basic authentication
  • i can access the data with something like curl -k -u name:password https://example.com/data.json
  • i can also access this using the infinity plugin if i configure it with:
    • Authentication / Basic Authentication (don’t forget the allowed-hosts part)
    • Network / Skip TLS Verify

could you maybe try it with curl and see if it works?

I’ll give curl a shot when I am back to that machine. I know doing Skip TLS Verify produces error 400.

Skip TLS produces error 400. I know Unifi’s API is “unsupported” or “unofficial” so, that part doesn’t really surprise me too much. I’m going to give some of the suggestions today a shot and see if I can get it to make a connection without error.

But that 400 error is app error = TLS connection was created successfully, but app returns 400 (bad request).
I don’t believe that 400 error is because TLS - probably some bad request method, data, parameters, …