Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Data no longer coming due to SSL error

dtran
Explorer
‎11-05-2020 09:46 AM

I am new to Splunk but was task to leverage Splunk to build dashboards and monitor all of our data from SFMC.

I was successful in creating the different indexes and inputs and everything was working fine until 11/1 when I either made the mistake to upgrade from 8.0.6 then rolled back and also my company updated my Mac as well.

However when running several diagnotics and investigations everything comes back to the SSL error

 

 

 

11-05-2020 09:31:15.819 -0800 WARN  SSLCommon - Received fatal SSL3 alert. ssl_state='error', alert_description='unknown CA'.

    event_message = Received fatal SSL3 alert. ssl_state='error', alert_description='unknown CA'.
    eventtype = splunkd-log
    host = 4ustorml05032
    source = /Applications/Splunk/var/log/splunk/splunkd.log
    sourcetype = splunkd

 

 

 

 

 

 

 

11-05-2020 09:31:15.819 -0800 ERROR ApplicationUpdater - Error checking for update, URL=https://apps.splunk.com/api/apps:resolve/checkforupgrade: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed - please check the output of the `openssl verify` command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name.

 

 

 

 

I tried pretty much all the other recommendation and as well as in the documentation that Splunk provides which included generating the certs, configuring it in the various location web.conf, input.conf, server.conf, etc.

The only that that would happen is break my instance and I would need to roll back.

I am unsure what may the cause is, I rolled back the latest version because it broke our apps since they were Python 2 and the latest version is now 3.

Any insight would be great. Also I pretty much been at all of the forums and tried several solution but many were outdated and most likely didn't fit my issue.

Labels (2)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...