All Apps and Add-ons

After upgrading Splunk Add-on for Tenable from 5.1.2 to 5.1.3, why am I getting [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed errors?

scottrunyon
Contributor

After I upgraded Splunk Add-on for Tenable from 5.1.2 to 5.1.3, I started getting [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed errors.

I went to "https://docs.splunk.com/Documentation/AddOns/released/Nessus/Troubleshoot" to try and resolve this issue.

I added to local/inputs.conf
[nessus://nessus_input]
disable_ssl_certificate_validation = true

This did not solve the issue.

I looked at /default/inputs.conf and found
[nessus]
disable_ssl_certificate_validation = false and I added that to local/inputs.conf and changed to true.

This didn't solve my issue.

I then tried the steps under the SSL certificate issues in troubleshooting and added the cert to the cacerts.txt file.

This did not solve my issue.

I then went looking on Splunk Answers and found "https://answers.splunk.com/answers/591662/splunk-add-on-for-tenable-nessus.html"

I added to local/nessus.conf
[tenable_sc_settings]
disable_ssl_certificate_validation = true

This did not solve my issue.

I did restart Splunk after each change.

What else should I do to get the data into Splunk?

Thanks in advance for any help.

Scott

0 Karma
1 Solution

scottrunyon
Contributor

After doing a btool search, I found there were disable_ssl_certificate_validation = false entries under
/etc/apps/search/local/inputs.conf. I changed to true and now I am able to index the scan data.

View solution in original post

0 Karma

scottrunyon
Contributor

After doing a btool search, I found there were disable_ssl_certificate_validation = false entries under
/etc/apps/search/local/inputs.conf. I changed to true and now I am able to index the scan data.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

In my case, using 5.1.4, the setting was hiding in etc/apps/splunk_ta_nessus/default/nessus.conf. Overriding it in local/nessus.conf fixed. The documentation and .spec files did not mention this file.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!