https://community.splunk.com/t5/Splunk-Dev/How-to-use-an-encrypted-client-TLS-SSL-key-to-query-an-API/m-p/513897#M9163 <P>Our company policy requires an SSL private key to be encrypted. Unfortunately, my script is using the requests library which doesn't support this, as written in its documentation (feature request : <A href="https://github.com/psf/requests/issues/1573" target="_blank" rel="noopener">https://github.com/psf/requests/issues/1573</A>)</P><P>There seems to be a workaround by using a custom adapater (<A href="https://github.com/m-click/requests_pkcs12" target="_blank" rel="noopener">https://github.com/m-click/requests_pkcs12</A>) which is using pkcs12 package files (which contain both the certificate and the key&nbsp; and can be encrypted). I've installed this adapter under "lib" in my app directory (and I added the line of code to my script to append this path to the library path).</P><P>But this adapter is requiring the pyopenssl library (shipped with Splunk, installed in the python default library path) but this one, in turns, requires ndg.httpsclient.ssl_peer_verification (not shipped with Splunk!). So the adapter fails to load.</P><P>So in the end 2 questions:</P><P>1) Is anybody having to use client-side SSL authentication to query an API and is using an encrypted key ? How to make it work ?</P><P>2) Is there a clean way to add ndg.httpsclient.ssl_peer_verification to the libraries available to splunk so that pyopenssl can be loaded ? I've tried to add it to my app's "lib" directory but it seems that pyopenssl can not find it (maybe it expects to find it in the "default" directory ?)</P> Thu, 13 Aug 2020 12:35:57 GMT yoho 2020-08-13T12:35:57Z https://community.splunk.com/t5/Splunk-Dev/How-to-use-an-encrypted-client-TLS-SSL-key-to-query-an-API/m-p/513897#M9163 <P>Our company policy requires an SSL private key to be encrypted. Unfortunately, my script is using the requests library which doesn't support this, as written in its documentation (feature request : <A href="https://github.com/psf/requests/issues/1573" target="_blank" rel="noopener">https://github.com/psf/requests/issues/1573</A>)</P><P>There seems to be a workaround by using a custom adapater (<A href="https://github.com/m-click/requests_pkcs12" target="_blank" rel="noopener">https://github.com/m-click/requests_pkcs12</A>) which is using pkcs12 package files (which contain both the certificate and the key&nbsp; and can be encrypted). I've installed this adapter under "lib" in my app directory (and I added the line of code to my script to append this path to the library path).</P><P>But this adapter is requiring the pyopenssl library (shipped with Splunk, installed in the python default library path) but this one, in turns, requires ndg.httpsclient.ssl_peer_verification (not shipped with Splunk!). So the adapter fails to load.</P><P>So in the end 2 questions:</P><P>1) Is anybody having to use client-side SSL authentication to query an API and is using an encrypted key ? How to make it work ?</P><P>2) Is there a clean way to add ndg.httpsclient.ssl_peer_verification to the libraries available to splunk so that pyopenssl can be loaded ? I've tried to add it to my app's "lib" directory but it seems that pyopenssl can not find it (maybe it expects to find it in the "default" directory ?)</P> Thu, 13 Aug 2020 12:35:57 GMT https://community.splunk.com/t5/Splunk-Dev/How-to-use-an-encrypted-client-TLS-SSL-key-to-query-an-API/m-p/513897#M9163 yoho 2020-08-13T12:35:57Z