All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

After upgrading Splunk Add-on for Tenable from 5.1.2 to 5.1.3, why am I getting [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed errors?

scottrunyon
Contributor
‎04-10-2018 11:23 AM

After I upgraded Splunk Add-on for Tenable from 5.1.2 to 5.1.3, I started getting [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed errors.

I went to "https://docs.splunk.com/Documentation/AddOns/released/Nessus/Troubleshoot" to try and resolve this issue.

I added to local/inputs.conf
[nessus://nessus_input]
disable_ssl_certificate_validation = true

This did not solve the issue.

I looked at /default/inputs.conf and found
[nessus]
disable_ssl_certificate_validation = false and I added that to local/inputs.conf and changed to true.

This didn't solve my issue.

I then tried the steps under the SSL certificate issues in troubleshooting and added the cert to the cacerts.txt file.

This did not solve my issue.

I then went looking on Splunk Answers and found "https://answers.splunk.com/answers/591662/splunk-add-on-for-tenable-nessus.html"

I added to local/nessus.conf
[tenable_sc_settings]
disable_ssl_certificate_validation = true

This did not solve my issue.

I did restart Splunk after each change.

What else should I do to get the data into Splunk?

Thanks in advance for any help.

Scott

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

scottrunyon
Contributor
‎04-11-2018 04:40 AM

After doing a btool search, I found there were disable_ssl_certificate_validation = false entries under
/etc/apps/search/local/inputs.conf. I changed to true and now I am able to index the scan data.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

scottrunyon
Contributor
‎04-11-2018 04:40 AM

After doing a btool search, I found there were disable_ssl_certificate_validation = false entries under
/etc/apps/search/local/inputs.conf. I changed to true and now I am able to index the scan data.

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎05-16-2018 12:12 PM

In my case, using 5.1.4, the setting was hiding in etc/apps/splunk_ta_nessus/default/nessus.conf. Overriding it in local/nessus.conf fixed. The documentation and .spec files did not mention this file.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Top