All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Office365 - Azure Audit certificate failure (Red Hat with Proxy) issue

abalogh_splunk
Splunk Employee
Splunk Employee
‎09-12-2017 01:43 AM

Hi,
We are still getting errors even though we have added our Root CA and Intermediate CA to Red Hat's local certificate db.

We are using Splunk_TA_microsoft-cloudservices v2.03 on Splunk Enterprise 6.6.2 running on Red Hat 7.4

Root CA added to /etc/pki/ca-trust/source/anchors/company_root.pem (base64 encoded)
Intermediate CA added to /etc/pki/ca-trust/source/anchors/company_int.pem (base64 encoded)

update-ca-trust

AuthenticationError: , SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:676)

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

abalogh_splunk
Splunk Employee
Splunk Employee
‎09-12-2017 01:51 AM

I will answer my own question because this was not documented. I had to read code.

The correct certificate file to update with your Root CA and intermediate CA (which we need since we are inspecting SSL traffic) was:

Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem

We appended the /etc/pki/tls/certs/ca-bundle.crt to Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem and started working.

View solution in original post

Reply
Solved! Jump to solution

season88481
Contributor
‎07-15-2021 09:02 PM

We have the similar issue too. So appending our own CA cert to the bottom of the cacert.pem fixed our issue.

 

Please note at our version (4.1.3) the cacert.pem is located at $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/lib/certifi/ folder. if you cannot find it at these folders, perhaps use any "find" command would do the trick.

I think Splunk should document this workaround at the doc, as it is very common that companies would use their own company signed certificate for the Azure management endpoint.

0 Karma
Reply
Solved! Jump to solution
Solution

abalogh_splunk
Splunk Employee
Splunk Employee
‎09-12-2017 01:51 AM

I will answer my own question because this was not documented. I had to read code.

The correct certificate file to update with your Root CA and intermediate CA (which we need since we are inspecting SSL traffic) was:

Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem

We appended the /etc/pki/tls/certs/ca-bundle.crt to Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem and started working.

Reply
Solved! Jump to solution

laurie_gellatly
Communicator
‎03-07-2021 04:13 PM

This fixed the problem that I was facing. Thanks for posting.

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...