All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to disable SSL Validation in SNOW Security Operations Add-On?

slea_splunk
Splunk Employee
Splunk Employee
‎07-23-2018 01:33 PM

Hello,
I am trying to integrate Splunk and an On-Prem ServiceNow instance. The ServiceNow instance is not properly validating SSL certs, so I'd like to disable SSL validation for the ServiceNow Security Operations Add-On (https://splunkbase.splunk.com/app/3921/)

I've already done this for the ServiceNow Add On (https://splunkbase.splunk.com/app/1928/) by setting disable_ssl_certificate_validation = 1 in the [snow_default] stanza of the service_now.conf file. But I can't find corresponding instructions to do this for the Security Operations Add-On.

So, the specific question is: How can I disable SSL Validation in SNOW Security Operations Add-On (is there a way that is similar to how i can disable it in the ServiceNow Add-On)?

0 Karma
Reply

rfjohns1
Observer
‎11-08-2019 02:12 PM

Thanks,

But a proxy should not be needed for out environment. I can connect a browser to the ServiceNow url without a proxy since both Splunk and Service Now are internal to our network.

Am I misunderstanding something?

0 Karma
Reply

ivanreis
Builder
‎11-10-2019 02:45 PM

the service now instance that I worked to integrate into splunk was running at public domain, so for this reason I mentioned for you to use a proxy. I am not aware that your service now is running inside your network and I did not have issues with ssl.

0 Karma
Reply

droe
Explorer
‎07-24-2018 05:17 PM

I'd strongly suggest to fix the certificate of your Service Now instance instead of basically disabling the security provided by SSL/TLS.

0 Karma
Reply

ivanreis
Builder
‎11-07-2019 03:06 PM

Have you setup the proxy server configuration? When I deployed the integration I have to setup the proxy in order to get splunk connected properly to Snow from ssl connection.
the configuration is similiar with this. For the new add-on version there is tab for proxy configuration under service now add-on or you can edit the config file at $SPLUNK_HOME/etc/apps/Splunk_TA_snow/local/splunk_ta_snow_settings.conf

[proxy]
proxy_enabled = 0 Indicates whether connection to ServiceNow occurs through a proxy. The default is false.
proxy_url = URL or IP address for the proxy connection
proxy_port = Port for the proxy connection
proxy_username = Username for the proxy connection
proxy_password = Password for the proxy connection
proxy_rdns If you use the proxy to do DNS resolution, set this value to 1. The default is 0.
proxy_type The default is http. Other accepted values are http_no_tunnel, socks4, and socks5.

further information : https://docs.splunk.com/Documentation/AddOns/released/ServiceNow/Setuptheadd-on

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎07-24-2018 05:50 AM

Maybe edit or comment on your initial post to explicitly highlight the question you have? The verbiage stops abruptly without a good call for help?

0 Karma
Reply

rfjohns1
Observer
‎11-07-2019 10:17 AM

Followed instructions in the troubleshooting documentation, but the change does not change the behavior.

SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:676)

splunk_ta_snow_account.conf:
disable_ssl_certificate_validation=1

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...