topic SSL certificate integration in Splunk Dev https://community.splunk.com/t5/Splunk-Dev/SSL-certificate-integration/m-p/692166#M11564 <P>url = "<A href="https://decyfir.cyfirma.com/core/api-ua/user-account/stix/v2.1?isSafe=false&amp;key=key" target="_blank" rel="noopener">https://xyz.com/core/api-ua/user-account/stix/v2.1?isSafe=false&amp;key=key</A>"<BR /># Path to your custom CA bundle (optional, if you need to use a specific CA bundle)<BR />ca_bundle_path = "/home/ubuntu/splunk/etc/apps/APP-Name/certs/ap.pem"<BR /># Make the API call through the HTTPS proxy with SSL verification<BR />response = requests.get(url, proxies=proxies, verify=ca_bundle_path)<BR />print("Response content:", response.content)<BR /><BR />If I use this code in separate python script.. It works and gives the response.<BR /><BR />However, If I use the same code in splunk, It doesn't. I get :</P><P>SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1106)')))</P><P>&nbsp;</P><P>The code that is being used is :</P><DIV><DIV><SPAN>files</SPAN> <SPAN>=</SPAN> <SPAN>os</SPAN><SPAN>.</SPAN><SPAN>path</SPAN><SPAN>.</SPAN><SPAN>join</SPAN><SPAN>(</SPAN><SPAN>os</SPAN><SPAN>.</SPAN><SPAN>environ</SPAN><SPAN>[</SPAN><SPAN>'SPLUNK_HOME'</SPAN><SPAN>], </SPAN><SPAN>'etc'</SPAN><SPAN>, </SPAN><SPAN>'apps'</SPAN><SPAN>, </SPAN><SPAN>'App-Name'</SPAN><SPAN>, </SPAN><SPAN>'certs'</SPAN><SPAN>)</SPAN></DIV><DIV><SPAN>pem_files</SPAN> <SPAN>=</SPAN><SPAN> [</SPAN><SPAN>f</SPAN><SPAN>"</SPAN><SPAN>{</SPAN><SPAN>files</SPAN><SPAN>}</SPAN><SPAN>/</SPAN><SPAN>{</SPAN><SPAN>file</SPAN><SPAN>}</SPAN><SPAN>"</SPAN> <SPAN>for</SPAN> <SPAN>file</SPAN> <SPAN>in</SPAN> <SPAN>os</SPAN><SPAN>.</SPAN><SPAN>listdir</SPAN><SPAN>(</SPAN><SPAN>path</SPAN><SPAN>=</SPAN><SPAN>files</SPAN><SPAN>) </SPAN><SPAN>if</SPAN><SPAN> (</SPAN><SPAN>file</SPAN><SPAN>.</SPAN><SPAN>endswith</SPAN><SPAN>(</SPAN><SPAN>'.pem'</SPAN><SPAN>) </SPAN><SPAN>or</SPAN> <SPAN>file</SPAN><SPAN>.</SPAN><SPAN>endswith</SPAN><SPAN>(</SPAN><SPAN>'.crt'</SPAN><SPAN>))]</SPAN></DIV><DIV><SPAN>url</SPAN> <SPAN>=</SPAN> <SPAN>f</SPAN><SPAN>"</SPAN><SPAN>{</SPAN><SPAN>url</SPAN><SPAN>}</SPAN><SPAN>/core/api-ua/v2/alerts/attack-surface?type=open-ports&amp;size=1&amp;key=</SPAN><SPAN>{</SPAN><SPAN>api_token</SPAN><SPAN>}</SPAN><SPAN>"</SPAN></DIV><DIV><SPAN>if</SPAN> <SPAN>pem_files</SPAN><SPAN>:</SPAN></DIV><DIV><SPAN>logger</SPAN><SPAN>.</SPAN><SPAN>info</SPAN><SPAN>(</SPAN><SPAN>f</SPAN><SPAN>"Certificate used: </SPAN><SPAN>{</SPAN><SPAN>pem_files</SPAN><SPAN>[</SPAN><SPAN>0</SPAN><SPAN>]</SPAN><SPAN>}</SPAN><SPAN>"</SPAN><SPAN>)</SPAN></DIV><DIV><SPAN>logger</SPAN><SPAN>.</SPAN><SPAN>info</SPAN><SPAN>(</SPAN><SPAN>requests</SPAN><SPAN>.</SPAN><SPAN>__version__</SPAN><SPAN>)</SPAN></DIV><DIV><SPAN>logger</SPAN><SPAN>.</SPAN><SPAN>info</SPAN><SPAN>(</SPAN><SPAN>urllib3</SPAN><SPAN>.</SPAN><SPAN>__version__</SPAN><SPAN>)</SPAN></DIV><DIV><SPAN>logger</SPAN><SPAN>.</SPAN><SPAN>info</SPAN><SPAN>(</SPAN><SPAN>proxy_settings</SPAN><SPAN>)</SPAN></DIV><DIV><SPAN>response</SPAN> <SPAN>=</SPAN> <SPAN>requests</SPAN><SPAN>.</SPAN><SPAN>request</SPAN><SPAN>(</SPAN></DIV><DIV><SPAN>GET</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>url</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>verify</SPAN><SPAN>=</SPAN><SPAN>pem_files</SPAN><SPAN>[</SPAN><SPAN>0</SPAN><SPAN>],</SPAN></DIV><DIV><SPAN>proxies</SPAN><SPAN>=</SPAN><SPAN>proxy_settings</SPAN></DIV><DIV><SPAN>)</SPAN></DIV><DIV><SPAN>response</SPAN><SPAN>.</SPAN><SPAN>raise_for_status</SPAN><SPAN>()<BR /><BR /><BR /></SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>In the place of verify=pem_files[0],I have added verify="/home/ubuntu/splunk/etc/apps/APP-Name/certs/ap.pem"<BR /><BR />Still same error.</SPAN></DIV></DIV> Tue, 02 Jul 2024 05:31:17 GMT gurunagasimha 2024-07-02T05:31:17Z SSL certificate integration https://community.splunk.com/t5/Splunk-Dev/SSL-certificate-integration/m-p/692166#M11564 <P>url = "<A href="https://decyfir.cyfirma.com/core/api-ua/user-account/stix/v2.1?isSafe=false&amp;key=key" target="_blank" rel="noopener">https://xyz.com/core/api-ua/user-account/stix/v2.1?isSafe=false&amp;key=key</A>"<BR /># Path to your custom CA bundle (optional, if you need to use a specific CA bundle)<BR />ca_bundle_path = "/home/ubuntu/splunk/etc/apps/APP-Name/certs/ap.pem"<BR /># Make the API call through the HTTPS proxy with SSL verification<BR />response = requests.get(url, proxies=proxies, verify=ca_bundle_path)<BR />print("Response content:", response.content)<BR /><BR />If I use this code in separate python script.. It works and gives the response.<BR /><BR />However, If I use the same code in splunk, It doesn't. I get :</P><P>SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1106)')))</P><P>&nbsp;</P><P>The code that is being used is :</P><DIV><DIV><SPAN>files</SPAN> <SPAN>=</SPAN> <SPAN>os</SPAN><SPAN>.</SPAN><SPAN>path</SPAN><SPAN>.</SPAN><SPAN>join</SPAN><SPAN>(</SPAN><SPAN>os</SPAN><SPAN>.</SPAN><SPAN>environ</SPAN><SPAN>[</SPAN><SPAN>'SPLUNK_HOME'</SPAN><SPAN>], </SPAN><SPAN>'etc'</SPAN><SPAN>, </SPAN><SPAN>'apps'</SPAN><SPAN>, </SPAN><SPAN>'App-Name'</SPAN><SPAN>, </SPAN><SPAN>'certs'</SPAN><SPAN>)</SPAN></DIV><DIV><SPAN>pem_files</SPAN> <SPAN>=</SPAN><SPAN> [</SPAN><SPAN>f</SPAN><SPAN>"</SPAN><SPAN>{</SPAN><SPAN>files</SPAN><SPAN>}</SPAN><SPAN>/</SPAN><SPAN>{</SPAN><SPAN>file</SPAN><SPAN>}</SPAN><SPAN>"</SPAN> <SPAN>for</SPAN> <SPAN>file</SPAN> <SPAN>in</SPAN> <SPAN>os</SPAN><SPAN>.</SPAN><SPAN>listdir</SPAN><SPAN>(</SPAN><SPAN>path</SPAN><SPAN>=</SPAN><SPAN>files</SPAN><SPAN>) </SPAN><SPAN>if</SPAN><SPAN> (</SPAN><SPAN>file</SPAN><SPAN>.</SPAN><SPAN>endswith</SPAN><SPAN>(</SPAN><SPAN>'.pem'</SPAN><SPAN>) </SPAN><SPAN>or</SPAN> <SPAN>file</SPAN><SPAN>.</SPAN><SPAN>endswith</SPAN><SPAN>(</SPAN><SPAN>'.crt'</SPAN><SPAN>))]</SPAN></DIV><DIV><SPAN>url</SPAN> <SPAN>=</SPAN> <SPAN>f</SPAN><SPAN>"</SPAN><SPAN>{</SPAN><SPAN>url</SPAN><SPAN>}</SPAN><SPAN>/core/api-ua/v2/alerts/attack-surface?type=open-ports&amp;size=1&amp;key=</SPAN><SPAN>{</SPAN><SPAN>api_token</SPAN><SPAN>}</SPAN><SPAN>"</SPAN></DIV><DIV><SPAN>if</SPAN> <SPAN>pem_files</SPAN><SPAN>:</SPAN></DIV><DIV><SPAN>logger</SPAN><SPAN>.</SPAN><SPAN>info</SPAN><SPAN>(</SPAN><SPAN>f</SPAN><SPAN>"Certificate used: </SPAN><SPAN>{</SPAN><SPAN>pem_files</SPAN><SPAN>[</SPAN><SPAN>0</SPAN><SPAN>]</SPAN><SPAN>}</SPAN><SPAN>"</SPAN><SPAN>)</SPAN></DIV><DIV><SPAN>logger</SPAN><SPAN>.</SPAN><SPAN>info</SPAN><SPAN>(</SPAN><SPAN>requests</SPAN><SPAN>.</SPAN><SPAN>__version__</SPAN><SPAN>)</SPAN></DIV><DIV><SPAN>logger</SPAN><SPAN>.</SPAN><SPAN>info</SPAN><SPAN>(</SPAN><SPAN>urllib3</SPAN><SPAN>.</SPAN><SPAN>__version__</SPAN><SPAN>)</SPAN></DIV><DIV><SPAN>logger</SPAN><SPAN>.</SPAN><SPAN>info</SPAN><SPAN>(</SPAN><SPAN>proxy_settings</SPAN><SPAN>)</SPAN></DIV><DIV><SPAN>response</SPAN> <SPAN>=</SPAN> <SPAN>requests</SPAN><SPAN>.</SPAN><SPAN>request</SPAN><SPAN>(</SPAN></DIV><DIV><SPAN>GET</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>url</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>verify</SPAN><SPAN>=</SPAN><SPAN>pem_files</SPAN><SPAN>[</SPAN><SPAN>0</SPAN><SPAN>],</SPAN></DIV><DIV><SPAN>proxies</SPAN><SPAN>=</SPAN><SPAN>proxy_settings</SPAN></DIV><DIV><SPAN>)</SPAN></DIV><DIV><SPAN>response</SPAN><SPAN>.</SPAN><SPAN>raise_for_status</SPAN><SPAN>()<BR /><BR /><BR /></SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>In the place of verify=pem_files[0],I have added verify="/home/ubuntu/splunk/etc/apps/APP-Name/certs/ap.pem"<BR /><BR />Still same error.</SPAN></DIV></DIV> Tue, 02 Jul 2024 05:31:17 GMT https://community.splunk.com/t5/Splunk-Dev/SSL-certificate-integration/m-p/692166#M11564 gurunagasimha 2024-07-02T05:31:17Z