SSL errors when contacting minemeld URL

arisat
Engager

I keep getting this error in my Palo Alto App set up to interrogate a Minemeld URL:

SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:676)

However, when I use openssl commands from the Splunk server to check the certificate of the Minemeld-server, it is fine. We use internal CA certificates in addition to the OS defaults (properly configured in the OS, of course).

This leads me to suspect that Splunk or the Palo Alto app does not respect the OS settings. Is there a way to get it to do this, or do I have to start configuring this by hand?

0 Karma

btorresgil
Builder

The App ignores the SSL certs in the OS because it doesn't use the OS's python. It uses Splunk's built-in python for everything, so the CA cert would have to be trusted inside Splunk python. Unfortunately I don't know any way to trust certs in Splunk's python, but maybe Splunk support can help with this?

Right now there isn't an option to disable cert verification in the App because it would fail the security checks in Splunk's certification process.

So, I suggest solving the problem in one of two ways:

  1. RECOMMENDED: Use a cert that is trusted by Splunk's built-in python.
  2. Disable cert validation by modifying the MineMeld modular input. To do this, edit the file $SPLUNK_HOME/etc/apps/Splunk_TA_paloalto/bin/input_module_minemeld_feed.py.

In the get_feed_entries() method, find the line that reads:

resp=helper.send_http_request(
    url=feed_url,
    method='GET',
    parameters={'v': 'json', 'tr': 1},
    headers=feed_headers)

Insert this line between the parameters line and headers line:

   verify=False,

Note that it must be indented the same as the lines around it, and must end with a comma.

We'll try to make this modification easier in a future version. Thanks for your feedback.

0 Karma

simonr2016
New Member

Did you find an answer to this? Got the exact same issue myself.

The OS is happy with the internal CA but Splunk/PA App seems to completely disregard the OS.

0 Karma

arisat
Engager

Nope. Couldn't even figure out if how SSL is handled in the Palo Alto App is being determined by Splunk itself, or the Palo Alto app. So I had no real chance of finding a conf file to set up to include the internal CA.

Sometimes free support is worth every penny you pay for it 🙂

0 Karma

btorresgil
Builder

Sorry for the slow reply. Posted answer below.

0 Karma

arisat
Engager

Alternatively, I am happy to disable SSL verification. I can't find that option in any of the config files, but I may well be missing something.

Honestly, any help is much appreciated.

0 Karma

davidegarofalo
New Member

I modified this file
/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/requests/adapters.py
before line 209
if url.lower().startswith('https') and verify:

I inserted this
verify = False

In my Splunk it works fine.

bye

0 Karma

micahkemp
Champion

If you consider this the solution to the question asked, consider converting the comment to an answer and accepting it so that this question appears closed.

0 Karma
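
An audit check for the two edits described in this thread, added here as an example (not code from the Palo Alto add-on or from any poster): it parses Python source and reports every place `verify` is forced to `False`, so the change can be tracked and reverted once the internal CA is trusted by Splunk's Python. The sample sources are constructed from the snippets above, the function names are hypothetical, and Python 3.8+ is assumed for running the check.

```python
import ast

# Constructed samples: the two edits described in this thread, reduced to a few lines.
SAMPLE_INPUT_MODULE = '''
def get_feed_entries(helper, feed_url, feed_headers):
    resp = helper.send_http_request(
        url=feed_url,
        method='GET',
        parameters={'v': 'json', 'tr': 1},
        verify=False,
        headers=feed_headers)
    return resp
'''

SAMPLE_ADAPTER = '''
def cert_verify(conn, url, verify, cert):
    verify = False
    if url.lower().startswith('https') and verify:
        conn.cert_reqs = 'CERT_REQUIRED'
'''

def _is_false(node):
    # Matches the literal False only, not 0 or None.
    return isinstance(node, ast.Constant) and node.value is False

def find_disabled_verification(source, filename="<source>"):
    """Return sorted (filename, line, kind) for each place `verify` is forced to False."""
    try:
        tree = ast.parse(source, filename)
    except SyntaxError:
        # Python 2-only syntax cannot be parsed here; flag the file for manual review.
        return [(filename, 0, "unparseable, review by hand")]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            for kw in node.keywords:
                if kw.arg == "verify" and _is_false(kw.value):
                    findings.append((filename, kw.value.lineno, "call keyword"))
        elif isinstance(node, ast.Assign) and _is_false(node.value):
            for target in node.targets:
                name = getattr(target, "id", getattr(target, "attr", None))
                if name == "verify":
                    findings.append((filename, node.lineno, "assignment"))
    return sorted(findings)

if __name__ == "__main__":
    for name, src in (("input_module_minemeld_feed.py", SAMPLE_INPUT_MODULE),
                      ("requests/adapters.py", SAMPLE_ADAPTER)):
        for finding in find_disabled_verification(src, name):
            print("%s:%d verify disabled (%s)" % finding)
```

To audit an installed add-on, read each `.py` file under its `bin` directory and pass the text and path to `find_disabled_verification`.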