Self-signed certificate in certificate while using...

dujas · ‎01-13-2023

Hi All,

I am trying to list all tokens via splunk http-event-collector cli and it retruned error as below:

[centos8-1 mycerts]$ ~/splunk/bin/splunk http-event-collector list -uri https://centos8-1:8089
ERROR: certificate validation: self signed certificate in certificate chain
Cannot connect Splunk server

I used openssl to try to connect to my server, it returned code 0. However, if I used the splunk openssl, it will return code 19. And from splunkd.log it said:

01-14-2023 01:25:22.088 +0800 WARN  HttpListener [75758 HttpDedicatedIoThread-6] - Socket error from 192.168.30.128:59764 while idling: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca - please check the output of the `openssl verify` command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name.

Once I commented out cliVerifyServerName in servers.conf, the cli works but with warning as below:

WARNING: Server Certificate Hostname Validation is disabled. Please see server.conf/[sslConfig]/cliVerifyServerName for details.

May I know if I missed any configuration here? The cert is generated on my own and indeed it is self-signed one.

himaniarora20 · ‎11-30-2023

were you ever able to figure this out? I am facing the same issue

isoutamo · ‎11-30-2023

Hi

have you already looked these:

r. Ismo

Self-signed certificate in certificate while using CLI

HTTP Event Collector

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms