Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

500s when updating apps from GUI with walkaround

PickleRick
SplunkTrust
SplunkTrust
‎02-13-2023 04:23 AM

Hello there.

Posting just for reference.

It seems there is some misconfguration issue between splunkbase and the Splunk default config.

The default config says:

# /opt/splunk/bin/splunk btool server list applicationsManagement | grep updateHost
updateHost = https://apps.splunk.com

# /opt/splunk/bin/splunk btool server list applicationsManagement | grep Check
sslAltNameToCheck = splunkbase.splunk.com, apps.splunk.com, cdn.apps.splunk.com
sslCommonNameToCheck = apps.splunk.com, cdn.apps.splunk.com

However, the servers respond with:

# curl -v https://apps.splunk.com 2>&1 | grep subject:
* subject: C=US; ST=California; L=San Francisco; O=Splunk Inc.; CN=splunkbase.splunk.com

Whereas 8.2.5 (don't have any other 8.2 at hand to check) seems to work despite those settings, 9.0.3 enforces the settings strictly and says

ERROR X509 [25665 TcpChannelThread] - X509 certificate (CN=splunkbase.splunk.com,O=Splunk Inc.,L=San Francisco,ST=California,C=US) common name (splunkbase.splunk.com) did not match any allowed names (apps.splunk.com,cdn.apps.splunk.com)

 

Walkaround:

Overwrite the setting in server.conf with

[applicationsManagement]
sslCommonNameToCheck = splunkbase.splunk.com,apps.splunk.com,cdn.apps.splunk.com

 

Labels (2)
Labels
Reply

jhupka_splunk
Community Manager
Community Manager
‎02-13-2023 11:01 AM

I'm responding to add a +1 to this issue from a new Splunkbase app install perspective versus updating an existing app already installed.  Did your issue prevent you from updating the app?  I was able to install new Splunkbase apps fine, but still got the same X509 errors you 

 

Details:

I started with a fresh Splunk 9.0.3 install on Mac OSX, and I ran the same btool commands and was configured like you.

I tried installing a Splunkbase app from the Splunk GUI, and I found this in index=_internal after installing:

02-13-2023 11:44:52.351 -0700 ERROR X509 [2149013 TcpChannelThread] - X509 certificate (CN=splunkbase.splunk.com,O=Splunk Inc.,L=San Francisco,ST=California,C=US) common name (splunkbase.splunk.com) did not match any allowed names (apps.splunk.com,cdn.apps.splunk.com)
I was able to install a fresh copy of Splunk 9.0.3 and install an app from Splunkbase that I needed without any issues.

The app still installed with no issues...but I do see that chatty error.

I added a stanza like you to etc/system/local/server.conf and restarted Splunk:

[applicationsManagement]
sslCommonNameToCheck = splunkbase.splunk.com,apps.splunk.com,cdn.apps.splunk.com

 This time, when I installed a Splunkbase app from the Splunk GUI I didn't see any more of those X509 ERROR logs.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎02-13-2023 12:01 PM

I could _not_ update the app. The update package would not download I assume. The UI would tell me that update failed with error 500. I could, however, see the update as available.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...

Starting With Observability: OpenTelemetry Best Practices

Tech Talk Starting With Observability: OpenTelemetry Best Practices Tuesday, October 17, 2023   |  11AM PST / ...