All Apps and Add-ons

How to resolve error SSL: CERTIFICATE_VERIFY_FAILED?

swapsplunk236
Explorer

Hello All,

Received below error while configuring Mimecast app for Splunkv2.

message from "python "D:\Program Files\Splunk\etc\apps\Splunk_TA_mimecast_for_splunk_v2\bin\Splunk_TA_mimecast_for_splunk_v2.py"" Unexpected error getting base url. Cannot continue.[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:595)

Appreciate any help to resolve this error.

0 Karma
1 Solution

logloganathan
Motivator

Try with bypassing the proxy URL. it will work

View solution in original post

logloganathan
Motivator

Try with bypassing the proxy URL. it will work

ctxrag
Explorer

@logloganathan can you clarify more, how to achieve this?

am running a.py from splunk-sdk examples and get this error:
File "C:\Python27\Lib\ssl.py", line 840, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

hortonew
Builder

I haven't used this app before, but behind the scenes it's using python requests to make web calls to something. In it, it's going to try and do certificate verification on the remote URL (verify=true by default). You have two options 1) verify the endpoints it's hitting have valid certificates that your splunk server trusts or 2) modify Splunk_TA_mimecast_for_splunk_v2.py, making sure any line that says requests.post or requests.get has a parameter verify=False. (e.g. line 196: r = requests.post(url='https:...', verify=false). See: http://docs.python-requests.org/en/master/user/advanced/

marycordova
SplunkTrust
SplunkTrust

You should post the "verify=False" as an answer so it can be accepted and up-voted!

Thank you!

@marycordova
0 Karma

ctxrag
Explorer

How do I do this on windows please?

0 Karma

hortonew
Builder

Should be able to just open the python file mentioned in a text editor and save it. Then restart the Splunk service.

0 Karma

swapsplunk236
Explorer

Thank you very much. I think this too can resolve this error but for now I have resolved by bypassing the SSL inspection for the URL on the proxy that we use.

0 Karma

gjanders
SplunkTrust
SplunkTrust

Please answer and accept so the case can be closed 🙂

This is a very common issue, another trick is to find the cacerts (or cacerts.pem) or similar inside the app and add your custom-SSL certs into that.
However it will be lost on the next upgrade of the application...(so proxy SSL bypass is always better!)

Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...

span_metrics: The OpenTelemetry-Idiomatic Way to See Inside Your Services

You open a trace in Splunk Observability Cloud and everything looks fine. One root span, order-pipeline, with ...