We are still getting errors even though we have added our Root CA and Intermediate CA to Red Hat's local certificate db.
We are using Splunk_TA_microsoft-cloudservices v2.03 on Splunk Enterprise 6.6.2 running on Red Hat 7.4
Root CA added to /etc/pki/ca-trust/source/anchors/company_root.pem (base64 encoded)
Intermediate CA added to /etc/pki/ca-trust/source/anchors/company_int.pem (base64 encoded)
AuthenticationError: , SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:676)
I will answer my own question because this was not documented. I had to read code.
The correct certificate file to update with your Root CA and intermediate CA (which we need since we are inspecting SSL traffic) was:
We appended the /etc/pki/tls/certs/ca-bundle.crt to Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem and started working.
View solution in original post