All Apps and Add-ons

Why am I getting a "SSL: CERTIFICATE_VERIFY_FAILED" error despite having valid certificates in Splunk Add-on for Tenable?

yarick
Path Finder

Add-on is configured to obtain data from Tenable nessusd (Nessus) 7.1.3 [build M20120] for Linux

Error in logs

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed.

SSL Connection test

New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : AES128-SHA
Session-ID:
Session-ID-ctx:
Master-Key: EFB3E32FE3292430D26CE3BE6B5DF3FB9D6ECE9922687B0ECD51A7B82A31B11342F43CD30A1671FFCE030AE4D047B381
Start Time: 1535474072
Timeout : 300 (sec)
Verify return code: 0 (ok)

Certificate Authority used for this connection - Lets Encrypt

0 Karma
1 Solution

yarick
Path Finder

Let's Encrypt was not listed in the cert. Store for the Add-on.

I updated the list with this command = cat /etc/ssl/certs/ca-bundle.crt >> /opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/cacerts.txt

There may be a solution that is more elegant. For example, to ship updated version of the library, or rely on system libraries. But, that is a much larger discussion.

SSL Certificate is validated by the Add-on and operating as expected. This solved my issue.

View solution in original post

bharathnetskope
Observer

@yarick This did not solve my problem , is there any way we can disable SSL ? 

0 Karma

yarick
Path Finder

@bharathnetskope- If you have access to the Tenable Support Portal, there should be a spec. That describes if that is supported. It was not in the version of SC I was using.

0 Karma

VijaySrrie
Builder

@yarick I see the same error with the app --->  https://splunkbase.splunk.com/app/5677/

Please let me know how to fix it

0 Karma

yarick
Path Finder

@VijaySrrie- I have not used this particular app, the same should apply -

Check if your app is providing a cacerts bundle OR update version of the same provided on a system-wide level (OS not Splunk).

 

0 Karma

yarick
Path Finder

Let's Encrypt was not listed in the cert. Store for the Add-on.

I updated the list with this command = cat /etc/ssl/certs/ca-bundle.crt >> /opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/cacerts.txt

There may be a solution that is more elegant. For example, to ship updated version of the library, or rely on system libraries. But, that is a much larger discussion.

SSL Certificate is validated by the Add-on and operating as expected. This solved my issue.

Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...