All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on Builder - ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:

rukshar
Explorer
‎09-16-2024 08:39 AM

Hi Splunkers,

I am trying to configure rest api monitoring via splunk add-on builder but while configuring when i am trying to test the result i am receiving SSL error.

Splunk-Add-on Builder Version:4.3.0
Splunk Enterprise Version:9.1.1

What could be done to mitigate this SSL error?

Awaiting quick help and response

Pasting the error herewith:

2024-09-16 15:28:49,569 - test_rest_api - [ERROR] - [test] HTTPError reason=HTTP Error HTTPSConnectionPool(host='endpoints.office.com', port=443): Max retries exceeded with url: /version?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)'))) when sending request to url=https://endpoints.office.com/version?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7 method=GET
Traceback (most recent call last):
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/urllib3/connectionpool.py", line 722, in urlopen
chunked=chunked,
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/urllib3/connectionpool.py", line 404, in _make_request
self._validate_conn(conn)
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/urllib3/connectionpool.py", line 1060, in _validate_conn
conn.connect()
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/urllib3/connection.py", line 429, in connect
tls_in_tls=tls_in_tls,
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/urllib3/util/ssl_.py", line 450, in ssl_wrap_socket
sock, context, tls_in_tls, server_hostname=server_hostname
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/splunk/lib/python3.7/ssl.py", line 428, in wrap_socket
session=session
File "/splunk/lib/python3.7/ssl.py", line 878, in _create
self.do_handshake()
File "/splunk/lib/python3.7/ssl.py", line 1147, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/requests/adapters.py", line 497, in send
chunked=chunked,
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/urllib3/connectionpool.py", line 802, in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/urllib3/util/retry.py", line 594, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='endpoints.office.com', port=443): Max retries exceeded with url: /version?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/cloudconnectlib/core/http.py", line 230, in _retry_send_request_if_needed
uri=uri, body=body, method=method, headers=headers
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/cloudconnectlib/core/http.py", line 219, in _send_internal
verify=self.requests_verify,
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/requests/sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/requests/sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/requests/adapters.py", line 517, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='endpoints.office.com', port=443): Max retries exceeded with url: /version?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/cloudconnectlib/core/engine.py", line 308, in _send_request
response = self._client.send(request)
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/cloudconnectlib/core/http.py", line 296, in send
url, request.method, request.headers, request.body
File "/splunk/etc/apps/TA-o365_rest_api/bin/ta_o365_rest_api/aob_py3/cloudconnectlib/core/http.py", line 243, in _retry_send_request_if_needed
raise HTTPError(f"HTTP Error {err}") from err
cloudconnectlib.core.exceptions.HTTPError: HTTP Error HTTPSConnectionPool(host='endpoints.office.com', port=443): Max retries exceeded with url: /version?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))
2024-09-16 15:28:49,570 - test_rest_api - [INFO] - [test] This job need to be terminated.
2024-09-16 15:28:49,570 - test_rest_api - [INFO] - [test] Job processing finished
2024-09-16 15:28:49,571 - test_rest_api - [INFO] - [test] 1 job(s) process finished
2024-09-16 15:28:49,571 - test_rest_api - [INFO] - [test] Engine executing finished 

Labels (1)
Labels
0 Karma
Reply

Meett
Splunk Employee
Splunk Employee
‎09-17-2024 03:05 AM

Hello @rukshar  if you have self-signed certificate in your local network then you have add those CA CERT Chain to below locations:

1) /opt/splunk/lib/python3.7/site-packages/certifi
And
2) /etc/apps/<APP_FOLDER>/lib/certify

Check if this resolves your problems, this documentation : https://splunk.my.site.com/customer/s/article/Office-365-Add-on-not-ingesting-any-events-and-throwing-SSL can help you understand ERROR its of splunk built add-on but yes same solution can be applied in your case as well.

If this helps you please mark this as answer.

0 Karma
Reply

rukshar
Explorer
‎09-17-2024 05:53 AM

Thanks for sharing useful link but unfortunately after adding the CA-CERT Chain to the below two locations and restarting the splunk still i am receiving the same error.

1) /opt/splunk/lib/python3.7/site-packages/certifi
And
2) /etc/apps/<APP_FOLDER>/lib/certify

 

Any further suggestions please?

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...