All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Office365 - Azure Audit certificate failure (Red Hat with Proxy) issue

abalogh_splunk
Splunk Employee
Splunk Employee
‎09-12-2017 01:43 AM

Hi,
We are still getting errors even though we have added our Root CA and Intermediate CA to Red Hat's local certificate db.

We are using Splunk_TA_microsoft-cloudservices v2.03 on Splunk Enterprise 6.6.2 running on Red Hat 7.4

Root CA added to /etc/pki/ca-trust/source/anchors/company_root.pem (base64 encoded)
Intermediate CA added to /etc/pki/ca-trust/source/anchors/company_int.pem (base64 encoded)

update-ca-trust

AuthenticationError: , SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:676)

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

abalogh_splunk
Splunk Employee
Splunk Employee
‎09-12-2017 01:51 AM

I will answer my own question because this was not documented. I had to read code.

The correct certificate file to update with your Root CA and intermediate CA (which we need since we are inspecting SSL traffic) was:

Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem

We appended the /etc/pki/tls/certs/ca-bundle.crt to Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem and started working.

View solution in original post

Reply
Solved! Jump to solution

season88481
Contributor
‎07-15-2021 09:02 PM

We have the similar issue too. So appending our own CA cert to the bottom of the cacert.pem fixed our issue.

 

Please note at our version (4.1.3) the cacert.pem is located at $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/lib/certifi/ folder. if you cannot find it at these folders, perhaps use any "find" command would do the trick.

I think Splunk should document this workaround at the doc, as it is very common that companies would use their own company signed certificate for the Azure management endpoint.

0 Karma
Reply
Solved! Jump to solution
Solution

abalogh_splunk
Splunk Employee
Splunk Employee
‎09-12-2017 01:51 AM

I will answer my own question because this was not documented. I had to read code.

The correct certificate file to update with your Root CA and intermediate CA (which we need since we are inspecting SSL traffic) was:

Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem

We appended the /etc/pki/tls/certs/ca-bundle.crt to Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem and started working.

Reply
Solved! Jump to solution

laurie_gellatly
Communicator
‎03-07-2021 04:13 PM

This fixed the problem that I was facing. Thanks for posting.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Word Search

This challenge was first posted on Slack #puzzles channelThis puzzle is based on a letter grid containing ...

[Puzzles] Solve, Learn, Repeat: Advent of Code - Day 4

Advent of CodeIn order to participate in these challenges, you will need to register with the Advent of Code ...

GA: S3 Promote for Historical Data Ingestion in Splunk Cloud

Ingest Historical S3 Data On-Demand: Announcing the General Availability of S3 Promote We’re excited to share ...