Re: Splunk Add-on for Okta: Why does Splunk not ac...

bob_blood · ‎02-02-2017

Splunk Add-on for Okta API fails from SSL error. Probably due to a proxy changing the certs on the way back in. Splunk does not trust this different cert. I've seen similar problems floating around the web regarding proxies and certs with Splunk. Does anyone have a solution for this?

from internal logs: SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed

Adding API target IP to the proxy bypass works but I'm trying to figure out a more robust solution.

PickleRick · ‎09-11-2021

If you're using a proxy solution which replaces the certificate on the connection (I assume your proxy does some content inspection), you need to add the cert of the CA the proxy uses to generate the certs on the fly to the trusted cert store. That's how TLS works.

MostafaKhalil · ‎09-10-2021

Hi @krishnacasso , @bob_blood and @ehaddad_splunk . Were you guys able to fix this issue? I'm having the same failure in establishing the SSL handshake. I was hoping you can guide me with what you did to fix the issue on your ends.

Thank you,

krishnacasso · ‎03-01-2017

Hi Bob,
Is this issue resolved. We are getting same SSL handshake error. How did you by pass it with proxy, We are trying with below proxy settings. Do we need to give IP in proxy_url place.

[okta_proxy]
proxy_enabled = 1
proxy_type =
proxy_rdns = 1
proxy_url =
proxy_port =
proxy_username =
proxy_password =

ehaddad_splunk · ‎02-02-2017

what kind of SSL authentication your proxy requires? I think the problem is due to the fact the the proxy certificate are not trusted on the HWF machine where the add-on runs. I would start by adding the CA root to the trusted store on that machine.

Splunk Add-on for Okta: Why does Splunk not accept SSL certificate?

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!