Security
Highlighted

Splunk .NET SDK, Steps for connecting to Splunk instance using SSL (https)

SplunkTrust
SplunkTrust

Hi All,

I have just started working with Splunk C# SDK. I have a local Splunk instance which is not using SSL and I am able to connect to it (and get list of application, for test) using following code.

ServiceArgs svcArgs = new ServiceArgs();
svcArgs.App = "search";
svcArgs.Host = "myhost";
svcArgs.Port = 8089;
splunkService = new Service(svcArgs);             
splunkService.Login("username", "password");
foreach (var app in splunkService.GetApplications())
{
MessageBox.Show(app.Label);
}

However, When I try to use the same code with a splunk instance configured with SSL, I get following error (which I do expect as I am not setting any property to use SSL).

The request was aborted: Could not create SSL/TLS secure channel.

I couldn't find any good doc with steps required to make this code to connect to a SSL Splunk, but I tried to add this before "splunkService.Login" stmt.

splunkService.Scheme = HttpService.SchemeHttps;

Now I get this error:

The underlying connection was closed: An unexpected error occurred on a send.

Could anyone give me pointers on what I need to do to be able to connection Splunk with SSL?

Thanks in advance.

Tags (3)
0 Karma
Highlighted

Re: Splunk .NET SDK, Steps for connecting to Splunk instance using SSL (https)

Path Finder

To isolate the problem, please access the SSL endpoint under a browser, with https://myhost:8089. What do you get?

0 Karma
Highlighted

Re: Splunk .NET SDK, Steps for connecting to Splunk instance using SSL (https)

SplunkTrust
SplunkTrust

I get following error

An error occurred during a connection to myhost:8089. SSL peer was unable to negotiate an acceptable set of security parameters. (Error code: sslerrorhandshakefailurealert)

0 Karma
Highlighted

Re: Splunk .NET SDK, Steps for connecting to Splunk instance using SSL (https)

Path Finder

Does your Splunk server require SSL client certificate to connect?

Is it the first error you got?

You may want to talk to your network administrator or Splunk server admin for advice.

Let me know if you have additional information and would like my help further.

0 Karma
Highlighted

Re: Splunk .NET SDK, Steps for connecting to Splunk instance using SSL (https)

SplunkTrust
SplunkTrust

My Splunk server does require SSL client certificate (one caCertFile and one sslKeysfile is being used. And this is the first error that I get when using from browser.

0 Karma
Highlighted

Re: Splunk .NET SDK, Steps for connecting to Splunk instance using SSL (https)

SplunkTrust
SplunkTrust

Also, can anyone confirm if application created using SDK can be executed from a remote server (which I believe be the case) or it has to be executed from the same server where splunk you're connecting is installed?

0 Karma
Highlighted

Re: Splunk .NET SDK, Steps for connecting to Splunk instance using SSL (https)

Path Finder

Yes, you can use SDK to connect to a remote Splunk server. You need to make sure the port is not blocked by the firewall.

0 Karma
Highlighted

Re: Splunk .NET SDK, Steps for connecting to Splunk instance using SSL (https)

Path Finder

Regarding to SSL client certificate, unfortunately, the SDK currently does not support SSL client certificate. If you'd like, you may clone the SDK github repository and make a modification. You wound need to change the following function in HttpService.cs, and supply your client certificate by HttpWebRequest.ClientCertificates.

View solution in original post

Highlighted

Re: Splunk .NET SDK, Steps for connecting to Splunk instance using SSL (https)

SplunkTrust
SplunkTrust

I figured that too. I tried adding code in HttpService.cs -> Send method (I have one caCert file, one sslKeysfile and sslKeysfilePassword), tried different combinations but it failed with same error. I guess It may be related to firewall issue where port 8089 is not open. I will look into it and test again. Thanks for your help.

0 Karma
Highlighted

Re: Splunk .NET SDK, Steps for connecting to Splunk instance using SSL (https)

SplunkTrust
SplunkTrust

By the way I am able to do telnet on port 8089. Does it means the port is open in firewall?

0 Karma