I see that it is a response to a Cookie check (code here: http://answers.splunk.com/answers/46756/command-line-search-from-remote-host-with-no-splunk-products...); however, the user is logging in from a desktop with the same time as the search-head. I was not able to see anything in the logs either. Has anyone seen this issue before, and what does it mean?
After verifying the time on the server and client, one solution is to refresh the webpage so that it can present you with the option to bypass/accept the SSL certificate in cases where a warning may be present.
I just figured it out. It turns out the time on the Linux VM is a day off from the desktop date-time; the search-head is installed on the Linux VM. Once I set the correct date-time on the Linux VM, there is no warning. Hope this helps someone.
We also saw this with a Splunk 6.2.3 search head. It only happened once so far, and the person didn't see it again after a browser restart.