After enabling TLS, the PD homepage is inaccessible

Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: 开启tls后,pd主页无法访问

| username: TiDBer_A8Tz33vz

[TiDB Usage Environment] Testing
[TiDB Version] V7.0.0
[Reproduction Path] Enable cluster TLS communication via tiup cluster tls tidb-test enable
[Encountered Issue: Phenomenon and Impact] After enabling TLS communication for the cluster, the PD management page, such as https://10.8.15.35:2379/dashboard, becomes inaccessible. Tried using different browsers and importing the automatically generated client CA certificate and cert certificate used by tiup into the browser, but the issue remains unresolved.
[Resource Configuration]
[Attachments: Screenshots/Logs/Monitoring]

| username: Anna | Original post link

Refer to this

| username: zhanggame1 | Original post link

TLS requires that both the client and server certificates are issued by the same CA. Please verify this.

| username: TiDBer_A8Tz33vz | Original post link

The issue has been resolved, thank you all for your help.
The certificate that needs to be installed in the browser is the client.pfx file; I previously installed the wrong one. It is not the client.crt file.

| username: zhanggame1 | Original post link

The PFX file contains a private key, and it only needs to be installed in the browser for mutual authentication. For general websites that only require encryption, the browser only needs the CA public key.

| username: TiDBer_A8Tz33vz | Original post link

Installing ca.crt and client.crt didn’t work, but installing client.pfx solved the problem.
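
The checks discussed above (same issuing CA, and a private key being present for mutual authentication) can be run against the files before importing anything into a browser. This is an added example, not part of the original thread or of tiup: the file names ca.crt, client.crt and client.pfx come from the thread, while the function names, the bundle password argument and the throwaway demo files are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: diagnose which certificate file can be used for mutual TLS.
# Function names and demo data are hypothetical; only the file names come from the thread.

# True if a PEM file carries a private key (ca.crt and client.crt do not).
has_private_key() {            # usage: has_private_key FILE
    grep -q 'PRIVATE KEY-----' "$1"
}

# True if the client certificate was issued by the given CA.
issued_by_ca() {               # usage: issued_by_ca CA_CRT CLIENT_CRT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True if the PKCS#12 bundle holds the private key that belongs to CLIENT_CRT.
pfx_key_matches_cert() {       # usage: pfx_key_matches_cert PFX PASSWORD CLIENT_CRT
    local key_pub crt_pub
    key_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
              openssl pkey -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Constructed sample data (NOT tiup output): a demo CA, a client cert and a .pfx.
make_demo_files() {            # usage: make_demo_files DIR
    local d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3' \
        '[dn]' '[v3]' 'basicConstraints=critical,CA:TRUE' > "$d/demo.cnf"
    openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=demo-ca" -days 1 -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=demo-client" -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/client.crt" 2>/dev/null
    # The bundle password "demo" is a constructed value for this example only.
    openssl pkcs12 -export -inkey "$d/client.key" -in "$d/client.crt" \
        -certfile "$d/ca.crt" -passout pass:demo -out "$d/client.pfx"
}

# Typical use against real files (paths and password are placeholders):
#   issued_by_ca ca.crt client.crt          && echo "client.crt chains to ca.crt"
#   has_private_key client.crt              || echo "client.crt alone cannot authenticate"
#   pfx_key_matches_cert client.pfx PASSWORD client.crt && echo "client.pfx is importable"
```

A certificate file without its private key can identify a client but cannot prove possession of the key during the handshake, which is why only the bundle that passes the last check works for the browser.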

| username: caiyfc | Original post link

I previously posted a thread with the steps:
Column - The Trials and Tribulations of TiDB Production Cluster and Encrypted Communication TLS - Tools Edition | TiDB Community

| username: TiDBer_A8Tz33vz | Original post link

Yes, it was by seeing your post that I found the solution. Thank you very much.

| username: caiyfc | Original post link

:rofl: You’re too kind. Posting articles is also to help everyone quickly solve problems.
