
Splunk Add-on Builder - ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:

rukshar
Explorer

Hi Splunkers,

I am trying to configure REST API monitoring via Splunk Add-on Builder, but while configuring, when I try to test the result, I receive an SSL error.

Splunk Add-on Builder Version: 4.3.0
Splunk Enterprise Version: 9.1.1

What could be done to mitigate this SSL error?

Awaiting quick help and response

Pasting the error herewith:

2024-09-16 15:28:49,569 - test_rest_api - [ERROR] - [test] HTTPError reason=HTTP Error HTTPSConnectionPool(host='endpoints.office.com', port=443): Max retries exceeded with url: /version?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)'))) when sending request to url=https://endpoints.office.com/version?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7 method=GET
Traceback (most recent call last):
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/urllib3/connectionpool.py", line 722, in urlopen
chunked=chunked,
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/urllib3/connectionpool.py", line 404, in _make_request
self._validate_conn(conn)
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/urllib3/connectionpool.py", line 1060, in _validate_conn
conn.connect()
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/urllib3/connection.py", line 429, in connect
tls_in_tls=tls_in_tls,
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/urllib3/util/ssl_.py", line 450, in ssl_wrap_socket
sock, context, tls_in_tls, server_hostname=server_hostname
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/splunk/lib/python3.7/ssl.py", line 428, in wrap_socket
session=session
File "/splunk/lib/python3.7/ssl.py", line 878, in _create
self.do_handshake()
File "/splunk/lib/python3.7/ssl.py", line 1147, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/requests/adapters.py", line 497, in send
chunked=chunked,
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/urllib3/connectionpool.py", line 802, in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/urllib3/util/retry.py", line 594, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='endpoints.office.com', port=443): Max retries exceeded with url: /version?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/cloudconnectlib/core/http.py", line 230, in _retry_send_request_if_needed
uri=uri, body=body, method=method, headers=headers
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/cloudconnectlib/core/http.py", line 219, in _send_internal
verify=self.requests_verify,
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/requests/sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/requests/sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/requests/adapters.py", line 517, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='endpoints.office.com', port=443): Max retries exceeded with url: /version?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/cloudconnectlib/core/engine.py", line 308, in _send_request
response = self._client.send(request)
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/cloudconnectlib/core/http.py", line 296, in send
url, request.method, request.headers, request.body
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/cloudconnectlib/core/http.py", line 243, in _retry_send_request_if_needed
raise HTTPError(f"HTTP Error {err}") from err
cloudconnectlib.core.exceptions.HTTPError: HTTP Error HTTPSConnectionPool(host='endpoints.office.com', port=443): Max retries exceeded with url: /version?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))
2024-09-16 15:28:49,570 - test_rest_api - [INFO] - [test] This job need to be terminated.
2024-09-16 15:28:49,570 - test_rest_api - [INFO] - [test] Job processing finished
2024-09-16 15:28:49,571 - test_rest_api - [INFO] - [test] 1 job(s) process finished
2024-09-16 15:28:49,571 - test_rest_api - [INFO] - [test] Engine executing finished 

0 Karma

Meett
Splunk Employee

Hello @rukshar, if you have a self-signed certificate in your local network, then you have to add the CA cert chain to the locations below:

1) /opt/splunk/lib/python3.7/site-packages/certifi
And
2) /etc/apps/<APP_FOLDER>/lib/certify

Check if this resolves your problem. This documentation: https://splunk.my.site.com/customer/s/article/Office-365-Add-on-not-ingesting-any-events-and-throwing-SSL can help you understand the error. It is for a Splunk-built add-on, but the same solution can be applied in your case as well.

If this helps you, please mark this as the answer.

0 Karma

rukshar
Explorer

Thanks for sharing the useful link, but unfortunately, after adding the CA cert chain to the two locations below and restarting Splunk, I am still receiving the same error.

1) /opt/splunk/lib/python3.7/site-packages/certifi
And
2) /etc/apps/<APP_FOLDER>/lib/certify

Any further suggestions please?

0 Karma
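An added example, not part of the thread and not Splunk's code: the traceback shows the add-on importing requests and urllib3 from its own aob_py3 directory, so a Splunk host may hold more than one certifi-style cacert.pem, and patching one does not change what another library copy trusts. Assuming each such bundle is a file named cacert.pem, this Python sketch lists every bundle under a root, reports which still lack the internal CA chain, and appends the chain idempotently; the directory layout, the TA-example app name and the certificate bytes in demo() are constructed placeholders.

```python
import hashlib, os, re, shutil, ssl, tempfile

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def certs_by_fingerprint(pem_text):
    """Map SHA-256(DER) -> PEM block for every certificate in a PEM bundle."""
    return {hashlib.sha256(ssl.PEM_cert_to_DER_cert(b)).hexdigest(): b
            for b in PEM_RE.findall(pem_text)}

def find_bundles(root):
    """Every cacert.pem below root; each vendored library copy has its own."""
    return sorted(os.path.join(d, f) for d, _, files in os.walk(root)
                  for f in files if f == "cacert.pem")

def missing_from(bundle_path, chain_pem):
    """Fingerprints of chain certificates that the bundle does not contain."""
    with open(bundle_path, encoding="utf-8") as fh:
        have = certs_by_fingerprint(fh.read())
    return sorted(set(certs_by_fingerprint(chain_pem)) - set(have))

def add_chain(bundle_path, chain_pem):
    """Append only the missing certificates, keeping a .bak copy; returns count added."""
    want = certs_by_fingerprint(chain_pem)
    todo = missing_from(bundle_path, chain_pem)
    if todo:
        shutil.copy2(bundle_path, bundle_path + ".bak")
        with open(bundle_path, "a", encoding="utf-8") as fh:
            for fp in todo:
                fh.write("\n# added internal CA sha256=" + fp + "\n" + want[fp] + "\n")
    return len(todo)

def demo():
    # Constructed stand-ins: these bytes are not real certificates.
    public_ca = ssl.DER_cert_to_PEM_cert(b"constructed public root")
    chain = (ssl.DER_cert_to_PEM_cert(b"constructed internal root")
             + ssl.DER_cert_to_PEM_cert(b"constructed internal issuing CA"))
    root = tempfile.mkdtemp()
    # Hypothetical layout: one interpreter-wide bundle, one vendored inside an app.
    system_dir = os.path.join(root, "lib", "python3.7", "site-packages", "certifi")
    app_dir = os.path.join(root, "etc", "apps", "TA-example", "bin", "aob_py3", "certifi")
    for d in (system_dir, app_dir):
        os.makedirs(d)
        with open(os.path.join(d, "cacert.pem"), "w", encoding="utf-8") as fh:
            fh.write(public_ca)
    add_chain(os.path.join(system_dir, "cacert.pem"), chain)  # patch only one copy
    # Count of chain certificates still missing from each bundle found.
    return {os.path.relpath(b, root): len(missing_from(b, chain))
            for b in find_bundles(root)}

if __name__ == "__main__":
    for path, missing in demo().items():
        print(missing, "missing in", path)
```

On a real host, point find_bundles at the Splunk installation directory and pass the PEM text of the internal CA chain; any bundle that reports missing certificates is one that a process loading it will not trust the chain from.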