All Apps and Add-ons

Getting error when trying to set up o365 Add-on.

Warren_Laya
Explorer

Hi All

trying to set this up and im getting the following error:

rllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.533 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)
08-18-2020 16:28:38.539 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.539 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)
08-18-2020 16:28:38.650 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.650 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)
08-18-2020 16:28:38.656 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.656 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)

I realise the URL says :

import urllib3
urllib3.disable_warnings()

but where does that actually go in the script?

Labels (1)
0 Karma
1 Solution

Warren_Laya
Explorer

resolved this issue for myself, I'm probably a different case since this issue was around my odd "proxy"

  • Convert zscaler certificate to .pem
    openssl x509 -in ZscalerRootCertificate-2048-SHA256.crt -out zscaler.pem -outform PEM
  • Insert .pem into o365 app cacert
    cat zscaler.pem >> /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/certifi/cacert.pem
  • Ensure ownership
    chown splunk.splunk *
  • Restart splunk
    systemctl restart splunk
  • Add tenant

This might be useful for anyone else with certificate issues.

View solution in original post

thambisetty
Super Champion

/opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py

connectionpool.py might be throwing this warning.

can you check connectionpool.py if its importing urllib3?

if yes, add to this file.

————————————
If this helps, give a like below.
0 Karma

Warren_Laya
Explorer

Add where to the file? If I just put it in the top I get the same error, if I put it in the line where the error is I get another error, I know it needs to be added, but where is it added?

0 Karma

thambisetty
Super Champion

first method,

in that file, you can add below:
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarningrequests.packages.urllib3.disable_warnings(InsecureRequestWarning)

OR another method is 

This warning can be disabled by setting PYTHONWARNINGS="ignore:Unverified HTTPS request" in ~/.bashrc of user with which splunk is running.

————————————
If this helps, give a like below.
0 Karma

Warren_Laya
Explorer

resolved this issue for myself, I'm probably a different case since this issue was around my odd "proxy"

  • Convert zscaler certificate to .pem
    openssl x509 -in ZscalerRootCertificate-2048-SHA256.crt -out zscaler.pem -outform PEM
  • Insert .pem into o365 app cacert
    cat zscaler.pem >> /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/certifi/cacert.pem
  • Ensure ownership
    chown splunk.splunk *
  • Restart splunk
    systemctl restart splunk
  • Add tenant

This might be useful for anyone else with certificate issues.

nicktaitano
Explorer

THANK YOU THIS RESOLVED OUR ISSUE.

Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...