
SSL Certificate Checker: How to configure the add-on on CentOS?

bandit
Motivator

Hi, Michael, I was trying to test out the SSL Certificate Checker add-on on Splunk on CentOS; however, I'm not seeing any results when I search.

I ran the following command to download the cert for google.com to SSL Certificate Checker:

true | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -in /dev/stdin > /tmp/google.com.pem

I then went to the setup page for the SSL Certificate Checker add-on.
I set an interval of * * * * * (i.e. once a minute).
Under "enter a list of comma separated certificate paths here", I entered /tmp/google.com.pem

#ssl.conf
[SSLConfiguration]
certPaths = /tmp/google.com.pem
disabled = 0

#inputs.conf
[script://./bin/ssl_checker2.py]
index = preview
interval = * * * * *
disabled = 0
santosh_sshanbh
Path Finder

Since this app is not supported on UF, what is the alternate option available in Splunk to collect and index data about all SSL certificates installed on the UF server?


jkat54
SplunkTrust

You can always create a scripted input of the following:

openssl x509 -in /path/to/cert -noout -enddate

Assuming you have openssl installed.

If not, you can package it as a stand-alone binary and ship it with an app that includes the scripted input.

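A fuller version of the scripted input suggested in the reply above, as an added example that is not part of the original thread or of the SSL Certificate Checker add-on. It wraps the same `openssl x509 -noout -enddate` call and prints one key=value event per certificate, including certificates that are missing or unreadable. The `CERT_PATHS` variable, the function names and the output field names are assumptions made for this sketch, and the date arithmetic relies on GNU `date`.

```bash
#!/bin/bash
# Added example: scripted input that prints one key=value event per certificate.
# CERT_PATHS (comma-separated PEM files) is a hypothetical setting for this sketch.
CERT_PATHS="${CERT_PATHS:-/tmp/google.com.pem}"

# Build the event from openssl's "notAfter=<date>" line.
# $1 = certificate path, $2 = notAfter line, $3 = current time in epoch seconds
format_event() {
    local path="$1" not_after="${2#notAfter=}" now="$3" expires days status
    # GNU date (the CentOS default) parses openssl's date format directly
    if ! expires=$(date -u -d "$not_after" +%s 2>/dev/null); then
        echo "cert_path=\"$path\" status=unparsable_date"
        return 1
    fi
    days=$(( ($expires - $now) / 86400 ))
    if [ "$expires" -le "$now" ]; then status=expired; else status=valid; fi
    echo "cert_path=\"$path\" not_after=\"$not_after\" days_left=$days status=$status"
}

# Report unreadable files and openssl failures as events too, so a missing
# certificate shows up in the index instead of silently producing nothing.
check_cert() {
    local path="$1" line
    if [ ! -r "$path" ]; then
        echo "cert_path=\"$path\" status=unreadable"
        return 1
    fi
    if ! line=$(openssl x509 -in "$path" -noout -enddate 2>/dev/null); then
        echo "cert_path=\"$path\" status=openssl_failed"
        return 1
    fi
    format_event "$path" "$line" "$(date +%s)"
}

main() {
    printf '%s\n' "$CERT_PATHS" | tr ',' '\n' | while IFS= read -r cert; do
        [ -n "$cert" ] || continue
        check_cert "$cert" || true   # keep going after a bad certificate
    done
}

main
```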

bandit
Motivator

Ok, I believe another restart of Splunk corrected it. I'm now seeing events.

aaraneta_splunk
Splunk Employee

@rob_jordan - Did your answer provide a working solution to your question? If yes and you would like to close out your post, don't forget to click "Accept". But if you'd like to keep it open for possibilities of other answers, you don't have to take action on it yet. Thanks!


jkat54
SplunkTrust

Were you asked to restart after you clicked save on the setup page?


bandit
Motivator

I don't believe there was a prompt for restart. I first tried the debug refresh link provided on the app setup page; however, that didn't seem to work.
