All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I unable to auto generate a certificate in "Splunk Add-on for Microsoft Cloud Services" Add-on.?

bmanan7
New Member
‎03-31-2018 03:42 AM

I installed this add-on(Splunk Add-on for Microsoft Cloud Services) and configured it for my cloud instance. However, when I am trying to generate a new certificate I am getting the error below.

"Error in generating the certificate.". I have no clue why I am getting this error.
I have blank certificate in "/opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/default/splunk_ta_ms_o365_server_certificate.conf" file.

Can someone please help me with the solutions/workaround if someone has faced this error before in any cloud instance?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jconger
Splunk Employee
Splunk Employee
‎04-03-2018 04:09 PM

You may want to run a search on the _internal index to get some more clues. Something like this:

index=_internal source=*microsoft* error

Having a blank /opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/default/splunk_ta_ms_o365_server_certificate.conf file is expected behavior.

Once you successfully generate a certificate, the details will be stored in /opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/local/splunk_ta_ms_o365_server_certificate.conf (notice the change in path to local). Here is what my file in local looks like:

[certificate]
disabled = 0
manifest_json = {"keyCredentials": [{"keyId": "***", "type": "AsymmetricX509Cert", "customKeyIdentifier": "***", "value": "---", "usage": "Verify"}]}
private_key = ********
status = generated_valid
last_verified_time = 2018-04-03 17:43:22 CDT

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jconger
Splunk Employee
Splunk Employee
‎04-03-2018 04:09 PM

You may want to run a search on the _internal index to get some more clues. Something like this:

index=_internal source=*microsoft* error

Having a blank /opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/default/splunk_ta_ms_o365_server_certificate.conf file is expected behavior.

Once you successfully generate a certificate, the details will be stored in /opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/local/splunk_ta_ms_o365_server_certificate.conf (notice the change in path to local). Here is what my file in local looks like:

[certificate]
disabled = 0
manifest_json = {"keyCredentials": [{"keyId": "***", "type": "AsymmetricX509Cert", "customKeyIdentifier": "***", "value": "---", "usage": "Verify"}]}
private_key = ********
status = generated_valid
last_verified_time = 2018-04-03 17:43:22 CDT
0 Karma
Reply
Solved! Jump to solution

bmanan7
New Member
‎04-30-2018 01:53 AM

Hi @jconger,

Thanks for quick response. That search query would definitely help to figure out the problem.
But I was facing this error as there were some issues with the bundle of the app itself. I re-installed it from the splunkbase after removing the app and it worked for me. However who so ever is facing this problem please use the search query or go through the logs which will help to figure out the problem.

0 Karma
Reply
Solved! Jump to solution

p_gurav
Champion
‎04-02-2018 04:12 AM

Did you follow steps given in document:

https://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/Configurecertificate

Reply
Solved! Jump to solution

bmanan7
New Member
‎04-04-2018 05:03 AM

Yes, I have followed all the steps as mentioned in the doc.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...