https://community.splunk.com/t5/All-Apps-and-Add-ons/Office365-Azure-Audit-certificate-failure-Red-Hat-with-Proxy/m-p/559741#M66111 <P>We have the similar issue too. So appending our own CA cert to the bottom of the&nbsp;<SPAN>cacert.pem fixed our issue.</SPAN></P><P>&nbsp;</P><P><SPAN>Please note at our version (4.1.3) the&nbsp;cacert.pem is located at&nbsp;$SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/lib/certifi/ folder. if you cannot find it at these folders, perhaps use any "find" command would do the trick.<BR /><BR />I think Splunk should document this workaround at the doc, as it is very common that companies would use their own company signed certificate for the Azure management endpoint.</SPAN></P> Fri, 16 Jul 2021 04:02:14 GMT season88481 2021-07-16T04:02:14Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Office365-Azure-Audit-certificate-failure-Red-Hat-with-Proxy/m-p/330875#M39649 <P>Hi, <BR /> We are still getting errors even though we have added our Root CA and Intermediate CA to Red Hat's local certificate db. </P> <P>We are using Splunk_TA_microsoft-cloudservices v2.03 on Splunk Enterprise 6.6.2 running on Red Hat 7.4</P> <P>Root CA added to /etc/pki/ca-trust/source/anchors/company_root.pem (base64 encoded) <BR /> Intermediate CA added to /etc/pki/ca-trust/source/anchors/company_int.pem (base64 encoded) </P> <H1>update-ca-trust</H1> <P>AuthenticationError: , SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:676)</P> Tue, 29 Sep 2020 15:43:31 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Office365-Azure-Audit-certificate-failure-Red-Hat-with-Proxy/m-p/330875#M39649 abalogh_splunk 2020-09-29T15:43:31Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Office365-Azure-Audit-certificate-failure-Red-Hat-with-Proxy/m-p/330876#M39650 <P>I will answer my own question because this was not documented. I had to read code. </P> <P>The correct certificate file to update with your Root CA and intermediate CA (which we need since we are inspecting SSL traffic) was: </P> <P>Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem </P> <P>We appended the /etc/pki/tls/certs/ca-bundle.crt to Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem and started working. </P> Tue, 29 Sep 2020 15:43:34 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Office365-Azure-Audit-certificate-failure-Red-Hat-with-Proxy/m-p/330876#M39650 abalogh_splunk 2020-09-29T15:43:34Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Office365-Azure-Audit-certificate-failure-Red-Hat-with-Proxy/m-p/542762#M65061 <P>This fixed the problem that I was facing. Thanks for posting.</P> Mon, 08 Mar 2021 00:13:03 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Office365-Azure-Audit-certificate-failure-Red-Hat-with-Proxy/m-p/542762#M65061 laurie_gellatly 2021-03-08T00:13:03Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Office365-Azure-Audit-certificate-failure-Red-Hat-with-Proxy/m-p/559741#M66111 <P>We have the similar issue too. So appending our own CA cert to the bottom of the&nbsp;<SPAN>cacert.pem fixed our issue.</SPAN></P><P>&nbsp;</P><P><SPAN>Please note at our version (4.1.3) the&nbsp;cacert.pem is located at&nbsp;$SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/lib/certifi/ folder. if you cannot find it at these folders, perhaps use any "find" command would do the trick.<BR /><BR />I think Splunk should document this workaround at the doc, as it is very common that companies would use their own company signed certificate for the Azure management endpoint.</SPAN></P> Fri, 16 Jul 2021 04:02:14 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Office365-Azure-Audit-certificate-failure-Red-Hat-with-Proxy/m-p/559741#M66111 season88481 2021-07-16T04:02:14Z