Security

Splunk .NET SDK, Steps for connecting to Splunk instance using SSL (https)

somesoni2
Revered Legend

Hi All,

I have just started working with Splunk C# SDK. I have a local Splunk instance which is not using SSL and I am able to connect to it (and get list of application, for test) using following code.

ServiceArgs svcArgs = new ServiceArgs();
svcArgs.App = "search";
svcArgs.Host = "myhost";
svcArgs.Port = 8089;
splunkService = new Service(svcArgs);             
splunkService.Login("username", "password");
foreach (var app in splunkService.GetApplications())
{
MessageBox.Show(app.Label);
}

However, When I try to use the same code with a splunk instance configured with SSL, I get following error (which I do expect as I am not setting any property to use SSL).

The request was aborted: Could not create SSL/TLS secure channel.

I couldn't find any good doc with steps required to make this code to connect to a SSL Splunk, but I tried to add this before "splunkService.Login" stmt.

splunkService.Scheme = HttpService.SchemeHttps;

Now I get this error:

The underlying connection was closed: An unexpected error occurred on a send.

Could anyone give me pointers on what I need to do to be able to connection Splunk with SSL?

Thanks in advance.

Tags (3)
0 Karma
1 Solution

ywu_splunk
Splunk Employee
Splunk Employee

Regarding to SSL client certificate, unfortunately, the SDK currently does not support SSL client certificate. If you'd like, you may clone the SDK github repository and make a modification. You wound need to change the following function in HttpService.cs, and supply your client certificate by HttpWebRequest.ClientCertificates.

View solution in original post

ywu_splunk
Splunk Employee
Splunk Employee

Regarding to SSL client certificate, unfortunately, the SDK currently does not support SSL client certificate. If you'd like, you may clone the SDK github repository and make a modification. You wound need to change the following function in HttpService.cs, and supply your client certificate by HttpWebRequest.ClientCertificates.

View solution in original post

ywu_splunk
Splunk Employee
Splunk Employee

What do you mean by 'do telnet on port 8089'? Did you provision a telnet server on port 8089?

0 Karma

somesoni2
Revered Legend

By the way I am able to do telnet on port 8089. Does it means the port is open in firewall?

0 Karma

somesoni2
Revered Legend

I figured that too. I tried adding code in HttpService.cs -> Send method (I have one caCert file, one sslKeysfile and sslKeysfilePassword), tried different combinations but it failed with same error. I guess It may be related to firewall issue where port 8089 is not open. I will look into it and test again. Thanks for your help.

0 Karma

ywu_splunk
Splunk Employee
Splunk Employee

To isolate the problem, please access the SSL endpoint under a browser, with https://myhost:8089. What do you get?

0 Karma

ywu_splunk
Splunk Employee
Splunk Employee

Yes, you can use SDK to connect to a remote Splunk server. You need to make sure the port is not blocked by the firewall.

0 Karma

somesoni2
Revered Legend

Also, can anyone confirm if application created using SDK can be executed from a remote server (which I believe be the case) or it has to be executed from the same server where splunk you're connecting is installed?

0 Karma

somesoni2
Revered Legend

My Splunk server does require SSL client certificate (one caCertFile and one sslKeysfile is being used. And this is the first error that I get when using from browser.

0 Karma

ywu_splunk
Splunk Employee
Splunk Employee

Does your Splunk server require SSL client certificate to connect?

Is it the first error you got?

You may want to talk to your network administrator or Splunk server admin for advice.

Let me know if you have additional information and would like my help further.

0 Karma

somesoni2
Revered Legend

I get following error

An error occurred during a connection to myhost:8089. SSL peer was unable to negotiate an acceptable set of security parameters. (Error code: ssl_error_handshake_failure_alert)

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.