Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to troubleshoot "SSL Validation Failed for <VPC S3 Private Endpoint>" in Splunk AWS Add-on?

adnankhan5133
Communicator
‎04-04-2022 01:51 PM

While configuring an S3 input in the Splunk Add-on for AWS, I received an error message stating that "SSL Validation failed" because the VPC S3 Endpoint did not match a series of S3 bucket endpoint names (e.g. s3.us-east-1.amazonaws.com).

As part of the Splunk AWS Add-on naming convention for private endpoints, the Private Endpoint URL for the S3 bucket must be https://vpce-<endpoint_id>-<unique_id>.s3.<region>.vpce.amazonaws.com

After creating the endpoints, we're running into the SSL Validation errors. Any idea what could be causing this?

Labels (1)
Labels
Tags (3)
0 Karma
Reply

ChristophR
Explorer
‎10-13-2023 01:36 AM

Bit of an old post but I had this exact error, spent way too long troubleshooting it, and was saddened when this post didnt have an accepted solution.

The problem is, the s3 vpc endpoint you are using DOES NOT match the supported format Splunk expects.  Then, when it tries to do hostname validation (s3 VPC endpoint) against the expected format, it fails and throws this ugly error.

you said:

"As part of the Splunk AWS Add-on naming convention for private endpoints, the Private Endpoint URL for the S3 bucket must be https://vpce-<endpoint_id>-<unique_id>.s3.<region>.vpce.amazonaws.com"

This isnt true, as the docs explain.  You actually need to use:

ChristophR_0-1697186018330.png

Thus, the format for S3 is actually https://bucket.vpce-<endpoint_id>-<unique_id>.s3.<region>.vpce.amazonaws.com.  I didnt read the documentation closely enough and wasted a lot of time.. so I hope this helps someone.

 

Reply

PickleRick
SplunkTrust
SplunkTrust
‎04-04-2022 02:31 PM

Do a openssl s_client -connect to your s3 endpoint host with -showcerts and see what's wrong with the cert ans certification path if anything.

0 Karma
Reply

adnankhan5133
Communicator
‎04-05-2022 06:21 AM

Thanks - we didn't see any errors in the output after running the OpenSSL command. The output showed that we were able to connect without issues, but we're still seeing the VPC Endpoint error within the Splunk HF console.  

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎04-05-2022 08:10 AM

I've never used this add-on but since you're talking about HF, I assume it contains some modular input connecting to this S3 endpoint, right?

Check for bundled-in CA certificates trusted by the input. Maybe there's a difference - your system-wide openssl has other trusted CA database and the input uses another one.

0 Karma
Reply
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...