All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Office365 - Azure Audit certificate failure (Red Hat with Proxy) issue

abalogh_splunk
Splunk Employee
Splunk Employee
‎09-12-2017 01:43 AM

Hi,
We are still getting errors even though we have added our Root CA and Intermediate CA to Red Hat's local certificate db.

We are using Splunk_TA_microsoft-cloudservices v2.03 on Splunk Enterprise 6.6.2 running on Red Hat 7.4

Root CA added to /etc/pki/ca-trust/source/anchors/company_root.pem (base64 encoded)
Intermediate CA added to /etc/pki/ca-trust/source/anchors/company_int.pem (base64 encoded)

update-ca-trust

AuthenticationError: , SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:676)

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

abalogh_splunk
Splunk Employee
Splunk Employee
‎09-12-2017 01:51 AM

I will answer my own question because this was not documented. I had to read code.

The correct certificate file to update with your Root CA and intermediate CA (which we need since we are inspecting SSL traffic) was:

Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem

We appended the /etc/pki/tls/certs/ca-bundle.crt to Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem and started working.

View solution in original post

Reply
Solved! Jump to solution

season88481
Contributor
‎07-15-2021 09:02 PM

We have the similar issue too. So appending our own CA cert to the bottom of the cacert.pem fixed our issue.

 

Please note at our version (4.1.3) the cacert.pem is located at $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/lib/certifi/ folder. if you cannot find it at these folders, perhaps use any "find" command would do the trick.

I think Splunk should document this workaround at the doc, as it is very common that companies would use their own company signed certificate for the Azure management endpoint.

0 Karma
Reply
Solved! Jump to solution
Solution

abalogh_splunk
Splunk Employee
Splunk Employee
‎09-12-2017 01:51 AM

I will answer my own question because this was not documented. I had to read code.

The correct certificate file to update with your Root CA and intermediate CA (which we need since we are inspecting SSL traffic) was:

Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem

We appended the /etc/pki/tls/certs/ca-bundle.crt to Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem and started working.

Reply
Solved! Jump to solution

laurie_gellatly
Communicator
‎03-07-2021 04:13 PM

This fixed the problem that I was facing. Thanks for posting.

0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...