All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I getting a "SSL: CERTIFICATE_VERIFY_FAILED" error despite having valid certificates in Splunk Add-on for Tenable?

yarick
Path Finder
‎08-28-2018 09:36 AM

Add-on is configured to obtain data from Tenable nessusd (Nessus) 7.1.3 [build M20120] for Linux

Error in logs

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed.

SSL Connection test

New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : AES128-SHA
Session-ID:
Session-ID-ctx:
Master-Key: EFB3E32FE3292430D26CE3BE6B5DF3FB9D6ECE9922687B0ECD51A7B82A31B11342F43CD30A1671FFCE030AE4D047B381
Start Time: 1535474072
Timeout : 300 (sec)
Verify return code: 0 (ok)

Certificate Authority used for this connection - Lets Encrypt

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

yarick
Path Finder
‎08-28-2018 10:09 AM

Let's Encrypt was not listed in the cert. Store for the Add-on.

I updated the list with this command = cat /etc/ssl/certs/ca-bundle.crt >> /opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/cacerts.txt

There may be a solution that is more elegant. For example, to ship updated version of the library, or rely on system libraries. But, that is a much larger discussion.

SSL Certificate is validated by the Add-on and operating as expected. This solved my issue.

View solution in original post

Reply
Solved! Jump to solution

bharathnetskope
Observer
‎04-04-2022 06:38 PM

@yarick This did not solve my problem , is there any way we can disable SSL ? 

0 Karma
Reply
Solved! Jump to solution

yarick
Path Finder
‎04-05-2022 11:58 AM

@bharathnetskope- If you have access to the Tenable Support Portal, there should be a spec. That describes if that is supported. It was not in the version of SC I was using.

0 Karma
Reply
Solved! Jump to solution

VijaySrrie
Builder
‎03-30-2022 11:02 PM

@yarick I see the same error with the app --->  https://splunkbase.splunk.com/app/5677/

Please let me know how to fix it

0 Karma
Reply
Solved! Jump to solution

yarick
Path Finder
‎04-05-2022 11:56 AM

@VijaySrrie- I have not used this particular app, the same should apply -

Check if your app is providing a cacerts bundle OR update version of the same provided on a system-wide level (OS not Splunk).

 

0 Karma
Reply
Solved! Jump to solution
Solution

yarick
Path Finder
‎08-28-2018 10:09 AM

Let's Encrypt was not listed in the cert. Store for the Add-on.

I updated the list with this command = cat /etc/ssl/certs/ca-bundle.crt >> /opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/cacerts.txt

There may be a solution that is more elegant. For example, to ship updated version of the library, or rely on system libraries. But, that is a much larger discussion.

SSL Certificate is validated by the Add-on and operating as expected. This solved my issue.

Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...