All Apps and Add-ons

How do I fix this error when trying to set up o365 Add-on?

Warren_Laya
Explorer

Hi All

trying to set this up and im getting the following error:

rllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.533 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)
08-18-2020 16:28:38.539 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.539 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)
08-18-2020 16:28:38.650 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.650 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)
08-18-2020 16:28:38.656 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.656 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)

I realise the URL says :

import urllib3
urllib3.disable_warnings()

but where does that actually go in the script?

Labels (1)
0 Karma
1 Solution

Warren_Laya
Explorer

resolved this issue for myself, I'm probably a different case since this issue was around my odd "proxy"

  • Convert zscaler certificate to .pem
    openssl x509 -in ZscalerRootCertificate-2048-SHA256.crt -out zscaler.pem -outform PEM
  • Insert .pem into o365 app cacert
    cat zscaler.pem >> /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/certifi/cacert.pem
  • Ensure ownership
    chown splunk.splunk *
  • Restart splunk
    systemctl restart splunk
  • Add tenant

This might be useful for anyone else with certificate issues.

View solution in original post

thambisetty
SplunkTrust
SplunkTrust

/opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py

connectionpool.py might be throwing this warning.

can you check connectionpool.py if its importing urllib3?

if yes, add to this file.

————————————
If this helps, give a like below.
0 Karma

Warren_Laya
Explorer

Add where to the file? If I just put it in the top I get the same error, if I put it in the line where the error is I get another error, I know it needs to be added, but where is it added?

0 Karma

thambisetty
SplunkTrust
SplunkTrust

first method,

in that file, you can add below:
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarningrequests.packages.urllib3.disable_warnings(InsecureRequestWarning)

OR another method is 

This warning can be disabled by setting PYTHONWARNINGS="ignore:Unverified HTTPS request" in ~/.bashrc of user with which splunk is running.

————————————
If this helps, give a like below.
0 Karma

Warren_Laya
Explorer

resolved this issue for myself, I'm probably a different case since this issue was around my odd "proxy"

  • Convert zscaler certificate to .pem
    openssl x509 -in ZscalerRootCertificate-2048-SHA256.crt -out zscaler.pem -outform PEM
  • Insert .pem into o365 app cacert
    cat zscaler.pem >> /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/certifi/cacert.pem
  • Ensure ownership
    chown splunk.splunk *
  • Restart splunk
    systemctl restart splunk
  • Add tenant

This might be useful for anyone else with certificate issues.

jason_prondak
Explorer

Looking at the code.  /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/certifi/cacert.pem does not get referenced anywhere. There is only a comment to. but no actual code to do it.

 

0 Karma

Warren_Laya
Explorer

Not sure its in its own code or how Splunk launches the app but this 100% resolved my issue.

0 Karma

nicktaitano
Explorer

THANK YOU THIS RESOLVED OUR ISSUE.

Get Updates on the Splunk Community!

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...