All Apps and Add-ons

Some problems with TA_Demisto configuration

Explorer

Hi all, i have some problems with TA-Demisto for Splunk configuration.

On the Demisto Setup Page when i`m configure Demisto Host Name/IP Address and Api key , and after click on Save button i see an error message.

Encountered the following error while trying to update: In handler 'localapps': Error while posting to url=/servicesNS/nobody/TA-Demisto/demisto/demistocustomendpoint/demistoenv

Splunk instance works on amazon ec2 and demisto instance works on ec2 too. This two instances located in one VPC(one network) so i prefer to build communication using their local ip adresses.

Log message

2018-02-22 11:40:51,394 - DEMISTOSETUP - INFO - Auth key found
2018-02-22 11:40:51,396 - DEMISTOALERT - INFO - Using default value for verify= True
2018-02-22 11:40:51,433 - DEMISTOSETUP - ERROR - Exception while createing Test incident
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/TA-Demisto/bin/demisto_setup.py", line 104, in handleEdit
    verify_cert = True)
  File "/opt/splunk/etc/apps/TA-Demisto/bin/demisto_alert.py", line 217, in validate_token
    r = requests.get(url = url, verify = True,allow_redirects = True, headers = headers)
  File "/opt/splunk/lib/python2.7/site-packages/requests/api.py", line 55, in get
    return request('get', url, **kwargs)
  File "/opt/splunk/lib/python2.7/site-packages/requests/api.py", line 44, in request
    return session.request(method=method, url=url, **kwargs)
  File "/opt/splunk/lib/python2.7/site-packages/requests/sessions.py", line 456, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/splunk/lib/python2.7/site-packages/requests/sessions.py", line 559, in send
    r = adapter.send(request, **kwargs)
  File "/opt/splunk/lib/python2.7/site-packages/requests/adapters.py", line 382, in send
    raise SSLError(e, request=request)
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:603)

Demisto can successfully connect to Splunk using SplunkPy in Settings-Integrations.
But Splunk can`t connect to Splunk.
Security groups configured good, so this instances can communicate with each other.

0 Karma
1 Solution

SplunkTrust
SplunkTrust

Hi @jackson_storm,

You are configuring using local IP but is this instance using self signed certificate? If Yes then you must configured the demisto app using the host name provided in self signed certificate.

Thanks

View solution in original post

0 Karma

New Member

[root@ip-192-168-45-70 demisto]# curl -ku 'username:password' https://localhost:8089/servicesNS/nobody/TA-Demisto/configs/conf-demistosetup/demistoenv/ -d VALIDATE_SSL=false

<msg type="ERROR">Unauthorized</msg>

,I get the following error.

[root@ip-192-168-45-70 demisto]# curl -ku 'username:password' https://localhost:8089/servicesNS/nobody/TA-Demisto/configs/conf-demistosetup/demistoenv/ -d VALIDATE_SSL=false

<msg type="ERROR">Unauthorized</msg>
0 Karma

SplunkTrust
SplunkTrust

This question is nearly two years old with an accepted answer. Please post a new question describing your problem.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

Engager

I ran into the same problem and had to disable CERT validation with the following command.

curl -ku 'username:password' https://localhost:8089/servicesNS/nobody/TA-Demisto/configs/conf-demistosetup/demistoenv/ -d VALIDATE_SSL=false

Path Finder

thanks - this worked for me !

0 Karma

Explorer

@jackson_storm Were you able to get an update on the fix? I am facing the same issue

thanks!

0 Karma

SplunkTrust
SplunkTrust

Hi @jackson_storm,

You are configuring using local IP but is this instance using self signed certificate? If Yes then you must configured the demisto app using the host name provided in self signed certificate.

Thanks

View solution in original post

0 Karma

Engager

Hi

We are also facing the same problem and we don't have self signed certificate. In that case what needs to do?