All Apps and Add-ons

SSL Certificate Checker: How to configure the add-on on Centos?

Motivator

Hi, Michael, I was trying to test out the SSL Certificate Checker add-on on Splunk on Centos, however I'm not seeing any results when I search.

I ran the following command to download the cert for google.com to SSL Certificate Checker

true | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -in /dev/stdin > /tmp/google.com.pem

I then went to the setup page for the SSL Certificate Checker add-on.
I set a interval of * * * * * (i.e. once a minute)
Under enter a list of comma separated certificate paths here, I entered /tmp/google.com.pem

#ssl.conf
[SSLConfiguration]
certPaths = /tmp/google.com.pem
disabled = 0

#inputs.conf
[script://./bin/ssl_checker2.py]
index = preview
interval = * * * * *
disabled = 0
0 Karma
1 Solution

Motivator

Ok, I believe another restart of Splunk corrected it. I'm now seeing events.

View solution in original post

Since this app is not supported on UF, what is the alternate option available in Splunk to collect and index data about all SSL certificated installed on the UF server?

0 Karma

SplunkTrust
SplunkTrust

You can always create a scripted input of the following:

openssl x509 -in /path/to/cert -noout -enddate

Assuming you have openssl installed.

If not, you can package it as a stand-alone binary and ship it with an app that includes the scripted input.

0 Karma

Motivator

Ok, I believe another restart of Splunk corrected it. I'm now seeing events.

View solution in original post

Splunk Employee
Splunk Employee

@rob_jordan - Did your answer provide a working solution to your question? If yes and you would like to close out your post, don't forget to click "Accept". But if you'd like to keep it open for possibilities of other answers, you don't have to take action on it yet. Thanks!

0 Karma

SplunkTrust
SplunkTrust

Were you asked to restart after you clicked save on the setup page?

0 Karma

Motivator

I don't believe there was no prompt for restart. I first tried the debug refresh link provided on the app setup page, however that didn't seem to work.

0 Karma