All Apps and Add-ons

Splunk_TA_checkpoint-opseclea: Error during cert pull

maurelio79
Communicator

Hi, we lost hours trying to pull certificate with a generic error:

 

 

2020-09-17 08:09:43,692 +0000 log_level=INFO, pid=24567, tid=MainThread, file=error_ctl.py, func_name=ctl, code_line_no=147 | REST ERROR[400]: Bad Request - Failed to fetch the certificate from server
  File "/opt/splunk/bin/runScript.py", line 78, in <module>
    execfile(REAL_SCRIPT_NAME)
  File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/ta_opseclea_rh_cert.py", line 348, in <module>
    admin.CONTEXT_APP_AND_USER
  File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 131, in init
    hand.execute(info)
  File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 594, in execute
    if self.requestedAction == ACTION_CREATE:   self.handleCreate(confInfo)
  File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/ta_opseclea_rh_cert.py", line 289, in handleCreate
    RH_Err.ctl(400, msgx=exc, logLevel=logging.INFO)
  File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/splunk_ta_checkpoint_opseclea/splunktaucclib/rest_handler/error_ctl.py", line 144, in ctl
    if logLevel >= logging.ERROR or isinstance(msgx, Exception) \
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/ta_opseclea_rh_cert.py", line 279, in handleCreate
    args = self.pull_cert(args)
  File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/ta_opseclea_rh_cert.py", line 228, in pull_cert
    opsec_sic_name, cert_name = cert.pull()
  File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/ta_opseclea_rh_cert.py", line 133, in pull
    raise CertException("Failed to fetch the certificate from server")
CertException: Failed to fetch the certificate from server

 

 

Then we download the opsec sic utilities version 6.1 for Linux 30 from this link

https://supportcenter.checkpoint.com/supportcenter/portal?ventSubmit_doGoviewsolutiondetails=&soluti...

and everithing went good.
Please review the app on Splunkbase.
Thanks and regards

Labels (1)
Tags (1)
0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...