Signed plugin fails to connect to HTTPS endpoint configured with a self-signed certificate

We have developed a plugin for our product.
The customer has configured our product with HTTPS communication using a self-signed certificate.

When the customer used the unsigned plugin, he was able to successfully set a datasource. However, after signing the plugin (privately), the customer encountered the following error:

referer=https://grafana-orig-engineeringmycompany.net/connections/datasources/edit/ddxcfzzr61b0ge t=2024-09-09T04:29:42.407839198Z level=error msg="Proxy request failed" err="tls: failed to verify certificate: x509: certificate signed by unknown authority"

Is there a specific reason why the connection is being rejected once the plugin is signed? How can I resolve this issue?

Hi @assafshlomi

This might be more related to your data source configuration than the plugin signature. You must make sure your plugin supports making requests to self-signed certificates. Perhaps the user had changed the configuration before and after the plugin was signed.

Yes. You are correct. Indeed the problem is that it fails when Grafana is installed on OpenShift. When it was installed on a standalone machine it was fine.

Can the customer add the certificate to the machine, such that the plugin will accept the communication?

@assafshlomi Unfortunately, I am not familiar with Grafana deployments in OpenShift. It might be worth asking this in Installation - Grafana Labs Community Forums instead of plugin development.

The best you can do is modify the plugin so it accepts connections to self-signed certificates or add the certificate to the server somehow (I can’t really help you on this part).
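The following Go sketch is an added example, not code from this thread or from Grafana. It reproduces the `x509: certificate signed by unknown authority` failure against a constructed local HTTPS server and shows the client succeeding once the server's self-signed certificate is added to its trust pool, with verification left enabled. The names `clientTrusting`, `get` and `demo` are hypothetical, and the empty pool stands in for a container trust store that lacks the certificate.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// clientTrusting (hypothetical helper) verifies servers against caPEM only; InsecureSkipVerify is never set.
func clientTrusting(caPEM []byte) (*http.Client, error) {
	pool := x509.NewCertPool()
	if len(caPEM) > 0 && !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no certificate found in PEM input")
	}
	cfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}, nil
}

// get reports success, or whether the failure was "unknown authority".
func get(c *http.Client, url string) (ok, unknownAuthority bool) {
	resp, err := c.Get(url)
	if err != nil {
		var ua x509.UnknownAuthorityError
		return false, errors.As(err, &ua)
	}
	defer resp.Body.Close()
	return resp.StatusCode == http.StatusOK, false
}

// demo uses a constructed local HTTPS server with a self-signed certificate.
func demo() (rejected, accepted bool) {
	srv := httptest.NewTLSServer(http.HandlerFunc(
		func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok") }))
	defer srv.Close()
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	noCert, _ := clientTrusting(nil)       // empty pool: trust store without the cert
	withCert, _ := clientTrusting(certPEM) // pool holding only the server's certificate
	_, rejected = get(noCert, srv.URL)
	accepted, _ = get(withCert, srv.URL)
	return rejected, accepted
}

func main() {
	rejected, accepted := demo()
	fmt.Println("rejected without cert:", rejected, "| accepted with cert:", accepted)
}
```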