All Apps and Add-ons

Getting error when trying to set up o365 Add-on.

Warren_Laya
Explorer

Hi All

trying to set this up and im getting the following error:

rllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.533 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)
08-18-2020 16:28:38.539 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.539 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)
08-18-2020 16:28:38.650 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.650 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)
08-18-2020 16:28:38.656 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.656 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)

I realise the URL says :

import urllib3
urllib3.disable_warnings()

but where does that actually go in the script?

Labels (1)
0 Karma
1 Solution

Warren_Laya
Explorer

resolved this issue for myself, I'm probably a different case since this issue was around my odd "proxy"

  • Convert zscaler certificate to .pem
    openssl x509 -in ZscalerRootCertificate-2048-SHA256.crt -out zscaler.pem -outform PEM
  • Insert .pem into o365 app cacert
    cat zscaler.pem >> /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/certifi/cacert.pem
  • Ensure ownership
    chown splunk.splunk *
  • Restart splunk
    systemctl restart splunk
  • Add tenant

This might be useful for anyone else with certificate issues.

View solution in original post

thambisetty
Super Champion

/opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py

connectionpool.py might be throwing this warning.

can you check connectionpool.py if its importing urllib3?

if yes, add to this file.

————————————
If this helps, give a like below.
0 Karma

Warren_Laya
Explorer

Add where to the file? If I just put it in the top I get the same error, if I put it in the line where the error is I get another error, I know it needs to be added, but where is it added?

0 Karma

thambisetty
Super Champion

first method,

in that file, you can add below:
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarningrequests.packages.urllib3.disable_warnings(InsecureRequestWarning)

OR another method is 

This warning can be disabled by setting PYTHONWARNINGS="ignore:Unverified HTTPS request" in ~/.bashrc of user with which splunk is running.

————————————
If this helps, give a like below.
0 Karma

Warren_Laya
Explorer

resolved this issue for myself, I'm probably a different case since this issue was around my odd "proxy"

  • Convert zscaler certificate to .pem
    openssl x509 -in ZscalerRootCertificate-2048-SHA256.crt -out zscaler.pem -outform PEM
  • Insert .pem into o365 app cacert
    cat zscaler.pem >> /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/certifi/cacert.pem
  • Ensure ownership
    chown splunk.splunk *
  • Restart splunk
    systemctl restart splunk
  • Add tenant

This might be useful for anyone else with certificate issues.

nicktaitano
Explorer

THANK YOU THIS RESOLVED OUR ISSUE.

Get Updates on the Splunk Community!

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...