All Apps and Add-ons

Splunk Add-on for Tenable [SSL: CERTIFICATE_VERIFY_FAILED] error after troubleshooting

macadameane
Explorer

I have recently set up a virtual environment on a development machine. It is not meant for production, just testing. The machines are virtualized through virtual box. Splunk is on the Windows host, and Security Center is installed in a fresh CentOS installation with the firewall and selinux disabled. The SSL cert is the default one. The machines can see eachother on the network at the following IPs:
10.0.0.10 - Splunk (7.0.2)
10.0.0.20 - Security Center (5.7.1)

I have installed Splunk Add-on for Tenable. After searching tenable:sc:log, I am getting an error each time it tried to pull vulnerability data:

2018-11-21 20:22:10,740 +0000 log_level=ERROR, pid=30732, tid=Thread-4, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=67 | [stanza_name="Test SC Server" data="sc_vulnerability" server="Test SC Server"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list.

I have search many posts here and have found varying solutions. I have also looked at the trouble shooting guide. Here is what I have tried:

Tried adding disable_ssl_certificate_validation = 1 to the following files based on others suggestions
etc\apps\search\local\inputs.conf
etc\apps\Splunk_TA_nessus\local\nessus.conf
etc\apps\Splunk_TA_nessus\local\inputs.conf

Also navigated to Security Center, exported the .cer/.pem file, and appended it to
etc\apps\Splunk_TA_nessus\bin\splunktalib\httplib2\cacerts.txt

Tried ensuring that Windows firewall is allowing port 8089 inbound communication as per someones comment to a post.

No matter what I seem to try, I am always told that certificate validation is enabled, and that the verification can failed. Any help would be great.

Thanks

myriadic
Path Finder

in "nessus.conf", did you create a new stanza, named "[tenable_sc_settings]", to put "disable_ssl_certificate_validation = 1" under?

0 Karma

macadameane
Explorer

Yes, here is my exact file contents, pasted:
C:\Program Files\Splunk\etc\apps\Splunk_TA_nessus\local\nessus.conf

[tenable_sc_settings]
disable_ssl_certificate_validation = 1
0 Karma

myriadic
Path Finder

what version of the add-on are you using? i'm on 5.1.4 and it's working

(also, i have "true", instead of "1", although that shouldn't matter)

0 Karma

macadameane
Explorer

I tried "true" as well without any results.

According to my README.txt in the Splunk_TA_nessus folder, I am running version 5.1.4

0 Karma

myriadic
Path Finder

that's weird. maybe i never actually got the disable cert part working and it was actually the cert part i got working...can't remember, it's been a while

good luck, though

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.