All Apps and Add-ons

Http post request to Splunk REST API with certificate verification


Hi All,

I want to secure the http post request made to Splunk REST API over https with certificate verification. I am using following code in python"https://localhost:8089/services/auth/login",data={'username':'admin', 'password':'admin'},allow_redirects=True,stream=True,verify=True)

I always get following error

requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:595)

I have tried providing certificate path in verify field, still I get same error.

Any idea?

0 Karma
1 Solution


You'll never get "localhost" certs to verify.

Change verify=True to verify=False. The communication will still be encrypted.

Or access the server through a FQDN that is associated with a valid SSL certificate. something link

View solution in original post

Splunk Employee
Splunk Employee

Self-signed certs are not valid so you cannot use cert validation.

If you want to use a valid cert, you need to replace the self-signed cert on the Splunk side with one issued from a cert authority. You can get a free one for example at

0 Karma


You can use self signed certificate as well, you just need to add them to trust store.

0 Karma


You'll never get "localhost" certs to verify.

Change verify=True to verify=False. The communication will still be encrypted.

Or access the server through a FQDN that is associated with a valid SSL certificate. something link


If I use verify=False, it will disable certificate verification. I want to enable certificate verification. Also note I am using default self signed certificate.

0 Karma


You'll never get self signed certificates to verify unless you place that self signed certificate in your trusted root store or otherwise introduce it to your internal Public/Private Key Infrastructure. Dont get me wrong, some organizations have their own PKI and they can sign their own certs all day long, and their laptops trust their own PKI and those certs will verify just fine. This will never work with LOCALHOST as your common name however. Not with your own PKI, and not with a "LOCALHOST" certificate in your trusted root store, and you'll never be able to the a "LOCALHOST" certificate from a public signing authority either.

The only way around your error for self signed "LOCALHOST" certificates will be to disable the verification.

Option B:
put something in your hosts file like this:

Then generate your own self signed certificate with a CN of Then add this certificate to your trusted root store. Now open in your webrowser.

Assuming you do this right, the site should have a green padlock in your web browser, and will then work with verify=True in your request.

Again, the communication will still be encrypted even if you disable the verification.

0 Karma


I had tried generating CA certificate for my URL, but I am getting same error there as well.
I had generated self signed certificate using openssl for Then signed it using SplunkCommonCA. Then I had tried to make post to that server.

I had not added it to trust store
Can you let me know what's the trust store for python on Linux /Mac?

0 Karma

0 Karma


Thanks @jkat54.

I was able to resolve this problem. We need to install certificate into trusted store of request /httplib module which ever we are using for making request. I am listing all the steps that I had performed for the reference:
I have generated new certificate and signed it with SplunkCommonCA.

Generate New certificate for Splunk Management Port

1) Generate new certificate
openssl genrsa -des3 -out mysplunk.key 2048

2) Generate Certificate Request
openssl req -new -key mysplunk.key -out mysplunk.csr

---> Please ensure you enter the hostname/IP Address, when asked for CN. 

3) Remove pass phrase from the key
openssl rsa -in mysplunk.key -out mysplunknop.key

4) Generate new Certificate using, SplunkCommonCA as signing authority
openssl x509 -req -days 365 -in mysplunk.csr -CA $SPLUNK_HOME/etc/auth/cacert.pem -CAkey $SPLUNK_HOME/etc/auth/ca.pem -CAcreateserial -out mysplunk.pem

5) Add SplunkCommonCA certificate to newly generated certificate

cat $SPLUNK_HOME/etc/auth/cacert.pem >> mysplunk.pem

6) Add private key to your newly generated certificate
 cat mysplunknop.key >> mysplunk.pem

7) Go to $SPLUNK_HOME/etc/system/local/web.conf and update certificate key and certificate as follows:

enableSplunkWebSSL = true
privKeyPath = etc/auth/splunkweb/mysplunknop.key
caCertPath = etc/auth/splunkweb/mysplunk.pem

8) To change the certificate for management port: Go to  $SPLUNK_HOME/etc/system/local/server.conf

Add following
sslKeysfile = splunkweb/mysplunk.pem
sslKeysfilePassword = 

9) For requests module, Copy the SplunkCommonCA certificate into cacerts.pem available at 

For HTTPLib module, copy SplunkCommonCA certificate into cacerts.txt available at /Applications/Splunk/lib/python2.7/site-packages/httplib2/cacerts.txt


Well then, i believe we've answered the question. Can you mark this as the answer?

0 Karma


Seeing as how I've created 3 SSL apps for splunk, all of which use requests lib and python... I'm hoping you'll take my word for this.

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...