Cisco Nexus 9k Add-on for Splunk Enterprise: Where...

jac_questions · ‎11-06-2023

Versus opening a ticket with Cisco, I was hoping to see if the community could point me in the correct direction. I'm not particularly skilled but have tried some of the various options that were similar to my problem but with no luck.

Splunk version=8.2.3

OS=RHEL 8

Plugin=Cisco Nexus 9k Add-on for Splunk Enterprise from splunkbase.

I can get the plugin to connect using http as the connection method. I'm trying to get the https method to work. I can curl to the switch in question using the cert I generated

(openssl req -x509 -newkey rsa:4096 -keyout hostkey.pem -out hostcert.pem -sha256 -days 30 -nodes -subj "/C=US.../CN=host") then imported to the switch.

( curl --verbose --cacert hostcert.pem https://host)

So at this point I'm confident that the cert and key are installed correctly on the switch and working as expected.

The error I'm receiving (truncated):

Caused by SSLError(SSLCertVerificationError [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate

My guess is that I need to install the certificate somewhere within the /opt/splunk/etc/auth directory , but I'm not sure. I saw some posts that said add to this file or copy into directory, but I can't find the one that works.

Any insight is appreciated.

Thanks

shahzadarif · ‎11-06-2023

I haven't specifically worked on this Add-on but just adding a cert somewhere won't be enough. You'll need to refer to it in a conf file. I'd start by looking at the app doc (if any) or the code to see if it mentions what config file to use.

Cisco Nexus 9k Add-on for Splunk Enterprise: Where does the nxapi/switch self-signed cert need to be placed?

configuration

installation

troubleshooting

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services