Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to troubleshoot "SSL Validation Failed for <VPC S3 Private Endpoint>" in Splunk AWS Add-on?

adnankhan5133
Communicator
‎04-04-2022 01:51 PM

While configuring an S3 input in the Splunk Add-on for AWS, I received an error message stating that "SSL Validation failed" because the VPC S3 Endpoint did not match a series of S3 bucket endpoint names (e.g. s3.us-east-1.amazonaws.com).

As part of the Splunk AWS Add-on naming convention for private endpoints, the Private Endpoint URL for the S3 bucket must be https://vpce-<endpoint_id>-<unique_id>.s3.<region>.vpce.amazonaws.com

After creating the endpoints, we're running into the SSL Validation errors. Any idea what could be causing this?

Labels (1)
Labels
Tags (3)
0 Karma
Reply

ChristophR
Explorer
‎10-13-2023 01:36 AM

Bit of an old post but I had this exact error, spent way too long troubleshooting it, and was saddened when this post didnt have an accepted solution.

The problem is, the s3 vpc endpoint you are using DOES NOT match the supported format Splunk expects.  Then, when it tries to do hostname validation (s3 VPC endpoint) against the expected format, it fails and throws this ugly error.

you said:

"As part of the Splunk AWS Add-on naming convention for private endpoints, the Private Endpoint URL for the S3 bucket must be https://vpce-<endpoint_id>-<unique_id>.s3.<region>.vpce.amazonaws.com"

This isnt true, as the docs explain.  You actually need to use:

ChristophR_0-1697186018330.png

Thus, the format for S3 is actually https://bucket.vpce-<endpoint_id>-<unique_id>.s3.<region>.vpce.amazonaws.com.  I didnt read the documentation closely enough and wasted a lot of time.. so I hope this helps someone.

 

Reply

PickleRick
SplunkTrust
SplunkTrust
‎04-04-2022 02:31 PM

Do a openssl s_client -connect to your s3 endpoint host with -showcerts and see what's wrong with the cert ans certification path if anything.

0 Karma
Reply

adnankhan5133
Communicator
‎04-05-2022 06:21 AM

Thanks - we didn't see any errors in the output after running the OpenSSL command. The output showed that we were able to connect without issues, but we're still seeing the VPC Endpoint error within the Splunk HF console.  

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎04-05-2022 08:10 AM

I've never used this add-on but since you're talking about HF, I assume it contains some modular input connecting to this S3 endpoint, right?

Check for bundled-in CA certificates trusted by the input. Maybe there's a difference - your system-wide openssl has other trusted CA database and the input uses another one.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

It’s go time — Boston, here we come!

Are you ready to take your Splunk skills to the next level? Get set, because Splunk University is back, and ...

Performance Tuning the Platform, SPL2 Templates, and More New Articles on Splunk ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Top