How configure SSL connection to MySQL with TLSv1.2?

Hi, I am trying to connect to mariaDB secured by certificate. I am sure that the database is correctly configured, but when I try to pass client certificate and key to grafana for the connection always give me the following log:

logger=tsdb.mysql t=2024-04-09T10:41:36.87+0200 lvl=eror msg=“query error” err=“remote error: tls: handshake failure”

I am using:

  • Grafana version 8.4.4
  • MariaDB version 15.1 Distrib 10.7.5-MariaDB

This is the configuration I am using:

  • /etc/grafana/provisioning/datasource/file.yaml :
apiVersion: 1

  - name: MySQL-SSL
    orgId: 1

  - name: MySQL-SSL
    type: mysql
    user: user
    database: DB_TEST
      tlsAuth: true
      tlsAuthWithCACert: false
      tlsSkipVerify: true
      tlsClientCert: $__file{/cert/client-cert.pem}
      tlsClientKey: $__file{/cert/client-key.pem}
      password: ***
    editable: false
  • /etc/mariadb/server.cnf

require_secure_transport = ON
bind-address =

I configure the same certificate with DBeaver and the connection is established with success. The only difference between Grafana and DBeaver is “requireSSL”.

Do you known how can I create a connection like this? I have to update Grafana version?


How is Grafana/MySQL installed? Because you are referring - are you really sure that your are using the same localhost for both?

hi @jangaraj, yes at the moment I have installed both Grafana and MariaDB in the same host. I have also tried to connect throw command line client and it worked:

mysql -u user -h -P 3306 -p --ssl-cert=/cert/client-cert.pem --ssl-key=/cert/client-key.pem

Grafana doesn’t want to connect to DB throw SSL connection or maybe my configuration yaml is incomplete.

Ok, so there is no container. Don’t use provisioning. First configure datasource manually and when you know working setup, then use provisioning.

I don’t see any client cert config on mysql side, so don’t configure client cert on the Grafana side. Just configure root certificate, e. g.: