All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I getting a "SSL: CERTIFICATE_VERIFY_FAILED" error despite having valid certificates in Splunk Add-on for Tenable?

yarick
Path Finder
‎08-28-2018 09:36 AM

Add-on is configured to obtain data from Tenable nessusd (Nessus) 7.1.3 [build M20120] for Linux

Error in logs

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed.

SSL Connection test

New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : AES128-SHA
Session-ID:
Session-ID-ctx:
Master-Key: EFB3E32FE3292430D26CE3BE6B5DF3FB9D6ECE9922687B0ECD51A7B82A31B11342F43CD30A1671FFCE030AE4D047B381
Start Time: 1535474072
Timeout : 300 (sec)
Verify return code: 0 (ok)

Certificate Authority used for this connection - Lets Encrypt

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

yarick
Path Finder
‎08-28-2018 10:09 AM

Let's Encrypt was not listed in the cert. Store for the Add-on.

I updated the list with this command = cat /etc/ssl/certs/ca-bundle.crt >> /opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/cacerts.txt

There may be a solution that is more elegant. For example, to ship updated version of the library, or rely on system libraries. But, that is a much larger discussion.

SSL Certificate is validated by the Add-on and operating as expected. This solved my issue.

View solution in original post

Reply
Solved! Jump to solution

bharathnetskope
Observer
‎04-04-2022 06:38 PM

@yarick This did not solve my problem , is there any way we can disable SSL ? 

0 Karma
Reply
Solved! Jump to solution

yarick
Path Finder
‎04-05-2022 11:58 AM

@bharathnetskope- If you have access to the Tenable Support Portal, there should be a spec. That describes if that is supported. It was not in the version of SC I was using.

0 Karma
Reply
Solved! Jump to solution

VijaySrrie
Builder
‎03-30-2022 11:02 PM

@yarick I see the same error with the app --->  https://splunkbase.splunk.com/app/5677/

Please let me know how to fix it

0 Karma
Reply
Solved! Jump to solution

yarick
Path Finder
‎04-05-2022 11:56 AM

@VijaySrrie- I have not used this particular app, the same should apply -

Check if your app is providing a cacerts bundle OR update version of the same provided on a system-wide level (OS not Splunk).

 

0 Karma
Reply
Solved! Jump to solution
Solution

yarick
Path Finder
‎08-28-2018 10:09 AM

Let's Encrypt was not listed in the cert. Store for the Add-on.

I updated the list with this command = cat /etc/ssl/certs/ca-bundle.crt >> /opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/cacerts.txt

There may be a solution that is more elegant. For example, to ship updated version of the library, or rely on system libraries. But, that is a much larger discussion.

SSL Certificate is validated by the Add-on and operating as expected. This solved my issue.

Reply
Get Updates on the Splunk Community!

.conf25 Registration is OPEN!

Ready. Set. Splunk! Your favorite Splunk user event is back and better than ever. Get ready for more technical ...

Detecting Cross-Channel Fraud with Splunk

This article is the final installment in our three-part series exploring fraud detection techniques using ...

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
Top