My program has a variable, a string that contains the Splunk PEM certificate. Every request that is sent to the API includes my program verifying the cert being presented by the Splunk server is the one in the application. Okay so the error message I get is that:
"Couldn't login to splunk: Post https://10.0.0.18:8089/services/auth/login: x509: cannot validate certificate for 10.0.0.18 because it doesn't contain any IP SANs"
What am I missing here? There must be something about the Splunk architecture I am missing as related to certificates. BTW this is a FREE spunk server I am running at home.
@tesme,
The error says that the the IP you are trying to connect is not part of the Subject Alternative Names (SAN).
SSL needs identification of the peer, otherwise your connection might be against a man-in-the-middle which decrypts + sniffs/modifies the data and then forwards them encrypted again to the real target. Identification is done with x509 certificates which need to be validated against a trusted CA and which need to identify the target you want to connect to.
Usually the target is given as a hostname and this is checked against the subject and subject alternative names of the certificate. In this case your target is a IP. To validate the certificate successfully the IP must be given in the certificate inside the subject alternative names section, but not as an DNS entry (e.g. hostname) but instead as IP.
You could try connecting with hostname or create new certificate pairs. If you are at a home network, probably you could disable the hostname verification from the client side or disable the ssl (not recommended though)
How do you recommend adding in an IP SAN while creating a new self signed certificate in Splunk?
By the way, I am running a free splunk instance in virtual box.