All Apps and Add-ons

Office365 - Azure Audit certificate failure (Red Hat with Proxy) issue

Splunk Employee
Splunk Employee

Hi,
We are still getting errors even though we have added our Root CA and Intermediate CA to Red Hat's local certificate db.

We are using Splunk_TA_microsoft-cloudservices v2.03 on Splunk Enterprise 6.6.2 running on Red Hat 7.4

Root CA added to /etc/pki/ca-trust/source/anchors/company_root.pem (base64 encoded)
Intermediate CA added to /etc/pki/ca-trust/source/anchors/company_int.pem (base64 encoded)

update-ca-trust

AuthenticationError: , SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:676)

0 Karma
1 Solution

Splunk Employee
Splunk Employee

I will answer my own question because this was not documented. I had to read code.

The correct certificate file to update with your Root CA and intermediate CA (which we need since we are inspecting SSL traffic) was:

Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem

We appended the /etc/pki/tls/certs/ca-bundle.crt to Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem and started working.

View solution in original post

0 Karma

Splunk Employee
Splunk Employee

I will answer my own question because this was not documented. I had to read code.

The correct certificate file to update with your Root CA and intermediate CA (which we need since we are inspecting SSL traffic) was:

Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem

We appended the /etc/pki/tls/certs/ca-bundle.crt to Splunk_TA_microsoft-cloudservices/bin/splunktamscs/certify/cacert.pem and started working.

View solution in original post

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!