mTLS was enabled but failed to access Prometheus via web


Boyu Du

Apr 8, 2023, 3:39:10 AM
to Prometheus Users
Hi Team,
I enabled mTLS on Prometheus server via web-config:
tls_server_config:
  cert_file: <Prometheus server cert>
  key_file: <Prometheus server key>
  client_auth_type: RequireAndVerifyClientCert
  client_ca_file: <CA file that signed server cert above>

This worked fine since all my underlying Prometheus Agent and Grafana could talk with this server successfully. However, when I tried to check the targets it monitors via browser, it says:
"The connection for this site is not secure. <Prometheus Server> didn't accept your login certificate, or a login certificate may not have been provided."

And from the log file of Prometheus Server:
"caller=stdlib.go:105 level=error component=web caller="http: TLS handshake error from <server I accessed Prometheus Server>" msg="tls: client didn't provide a certificate""

The server from which I access the Prometheus Server URL is a Windows machine, and it has a cert imported which is signed by the same CA.

May I know what I missed in the config?

Thanks

Stuart Clark

Apr 8, 2023, 4:21:04 AM
to Boyu Du, Prometheus Users
How have you configured the Windows machine? Have you just imported the
CA into Windows, or did you generate a client certificate and import /
configure that too?

--
Stuart Clark
