How to troubleshoot "SSL Validation Failed for <VP...

adnankhan5133 · ‎04-04-2022

While configuring an S3 input in the Splunk Add-on for AWS, I received an error message stating that "SSL Validation failed" because the VPC S3 Endpoint did not match a series of S3 bucket endpoint names (e.g. s3.us-east-1.amazonaws.com).

As part of the Splunk AWS Add-on naming convention for private endpoints, the Private Endpoint URL for the S3 bucket must be https://vpce-<endpoint_id>-<unique_id>.s3.<region>.vpce.amazonaws.com

After creating the endpoints, we're running into the SSL Validation errors. Any idea what could be causing this?

PickleRick · ‎04-04-2022

Do a openssl s_client -connect to your s3 endpoint host with -showcerts and see what's wrong with the cert ans certification path if anything.

adnankhan5133 · ‎04-05-2022

Thanks - we didn't see any errors in the output after running the OpenSSL command. The output showed that we were able to connect without issues, but we're still seeing the VPC Endpoint error within the Splunk HF console.

PickleRick · ‎04-05-2022

I've never used this add-on but since you're talking about HF, I assume it contains some modular input connecting to this S3 endpoint, right?

Check for bundled-in CA certificates trusted by the input. Maybe there's a difference - your system-wide openssl has other trusted CA database and the input uses another one.

How to troubleshoot "SSL Validation Failed for <VPC S3 Private Endpoint>" in Splunk AWS Add-on?

heavy forwarder

Splunk Observability Cloud | Customer Survey!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Starting With Observability: OpenTelemetry Best Practices