Here is a quick guide to configure self-signed SSL certificate for Grafana, allowing you to browse to a https://your_grafana_server:3000

Requirements:

  • root or sudo root privileges
  • Create an SSL Certificate
openssl genrsa -out grafana.key 2048
  • Next, generate a certificate signing request
openssl req -new -key grafana.key -out grafana.csr
  • Next, Output the certificate
openssl x509 -req -days 365 -in grafana.csr -signkey grafana.key -out grafana.crt

Note: If you type ls -l you will see your certifcates

  • Next you must set the certificate, key file ownership, and permissions so that they can be accessed by Grafana.
sudo chown grafana:grafana grafana.crt
sudo chown grafana:grafana grafana.key
sudo chmod 400 grafana.key grafana.crt
  • now move the files to your grafana installation folder. Default is /etc/grafana
sudo mv grafana.crt grafana.key /etc/grafana/
  • Now edit your grafana.ini default is /etc/grafana/grafana.ini
sudo vim /etc/grafana/grafana.ini
  • Locate the #HTTP options. Set the properties as:
protocol = https
cert_key = /etc/grafana/grafana.key
cert_file = /etc/grafana/grafana.crt
  • Save and close the file, and now restart the grafana service
sudo service grafana-server restart
  • Next Browse to you server IP address and you should be prompted for a SSL certificate

As this is a Self Signed Certificate, you will be prompted once like this:

Note: You will always have to accept this prompt (only once) unless you have purchased a Signed Certificate from a certificate vendor such as https://www.digicert.com/