Solved: Re: Disable SSL validation Tenable add-on

splunk_kk · ‎05-15-2018

Hi Team,

We are using certificates on our Tenable Security Center and have disabled SSL validation in splunk under tenable add-on. The config we have done is as below:

[tenable_sc_settings]
disable_ssl_certificate_validation = 1

Just wanted to know if it only disables the verification of identity of the server and the encryption still occurs? or is it something more than that?

Thanks!

xpac · ‎05-16-2018

Disabling SSL Certificate validation (in almost any product) usually means, do not:

Check if hostname and certificate SAN match
Check if the CA that issued the certificate is trusted
Check if the certificate has expired or has been revoked

Actually, it means "Do encryption, but don't care at all about who is on the other side - if the other side supports encryption, encrypt it."

View solution in original post

xpac · ‎05-16-2018

Disabling SSL Certificate validation (in almost any product) usually means, do not:

Check if hostname and certificate SAN match
Check if the CA that issued the certificate is trusted
Check if the certificate has expired or has been revoked

Actually, it means "Do encryption, but don't care at all about who is on the other side - if the other side supports encryption, encrypt it."

Disable SSL validation Tenable add-on

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Join the Conversation