While configuring an S3 input in the Splunk Add-on for AWS, I received an error message stating that "SSL Validation failed" because the VPC S3 Endpoint did not match a series of S3 bucket endpoint names (e.g. s3.us-east-1.amazonaws.com).
As part of the Splunk AWS Add-on naming convention for private endpoints, the Private Endpoint URL for the S3 bucket must be https://vpce-<endpoint_id>-<unique_id>.s3.<region>.vpce.amazonaws.com
After creating the endpoints, we're running into the SSL Validation errors. Any idea what could be causing this?
Do a openssl s_client -connect to your s3 endpoint host with -showcerts and see what's wrong with the cert ans certification path if anything.
Thanks - we didn't see any errors in the output after running the OpenSSL command. The output showed that we were able to connect without issues, but we're still seeing the VPC Endpoint error within the Splunk HF console.
I've never used this add-on but since you're talking about HF, I assume it contains some modular input connecting to this S3 endpoint, right?
Check for bundled-in CA certificates trusted by the input. Maybe there's a difference - your system-wide openssl has other trusted CA database and the input uses another one.