Hi, Michael, I was trying to test out the SSL Certificate Checker add-on on Splunk on Centos, however I'm not seeing any results when I search.
I ran the following command to download the cert for google.com to SSL Certificate Checker
true | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -in /dev/stdin > /tmp/google.com.pem
I then went to the setup page for the SSL Certificate Checker add-on.
I set a interval of
* * * * * (i.e. once a minute)
Under enter a list of comma separated certificate paths here, I entered
#ssl.conf [SSLConfiguration] certPaths = /tmp/google.com.pem disabled = 0 #inputs.conf [script://./bin/ssl_checker2.py] index = preview interval = * * * * * disabled = 0
Since this app is not supported on UF, what is the alternate option available in Splunk to collect and index data about all SSL certificated installed on the UF server?
You can always create a scripted input of the following:
openssl x509 -in /path/to/cert -noout -enddate
Assuming you have openssl installed.
If not, you can package it as a stand-alone binary and ship it with an app that includes the scripted input.
@rob_jordan - Did your answer provide a working solution to your question? If yes and you would like to close out your post, don't forget to click "Accept". But if you'd like to keep it open for possibilities of other answers, you don't have to take action on it yet. Thanks!