I've searched the similar questions and did not find a direct answer.
I have a Splunk APP
(Code42) that fails because of SLL verification issues.
"file=RESTClient.py:error:319 message="message="[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:676)" exception_type="SSLError" exception_arguments="[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:676)" filename="code42_clients.py" line="180"""
The certificate on the server, where the app is pulling data from, is self-signed. We cannot change that unfortunately. Within the Splunk application where do add this certificate so Splunk and all associated apps will trust the cert?
I've checked and made changes to this file, Documentation/Splunk/latest/Admin/Serverconf, however they have not been successful. I want to verify the app's cert, and not ignore certificate failures.
version = 3.0.6
decided to disable certificate verification as a workaround:
navigate to line 125
SC says this is insecure, but an acceptable hack for now given our ultra-secure environment.
if you cant change self-signed ssl , you need to export your certificate (including the private key) and install it to splunk server.
i assume that code42 is related with crashplan and they have documentation for ssl implementation. ( check: https://support.code42.com/Administrator/6/Configuring/Install_your_own_SSL_certificate_with_OpenSSL )
We have changed the certificate to one issued by a trusted CA (Entrust). However Splunk OpenSSL does not seem to like Entrust and still gives the same errors: After running this command to find the cert store, I've hit a block, and still cannot find where I can install the certificate that would allow
Splunk > Python > OpenSSL instance to trust the certificate. I would not like to go the route of telling Splunk to ignore all cert errors. The path /home/build, does not exist,
Here is the connection test command:
./splunk cmd openssl s_client -connect SITENAME:PORT | awk '/Protocol/ || /Cipher/ || /Verify/' depth=2 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G3 verify error:num=19:self signed certificate in certificate chain New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 /opt/splunk/bin# ./splunk cmd python -c "import ssl;print(ssl.get_default_verify_paths())" DefaultVerifyPaths(cafile=None, capath=None, openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/home/build/build-home/splunk-home/openssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/home/build/build-home/splunk-home/openssl/certs')
Where would I install the key on the Splunk side? The article seems to mention setting up they cert on the CrashPlan server, which we already have. The Splunk app, will not validate the certificate though. On the Splunk server we have tried adding the certificate to the appsca.pem file, however that has not fixed the issue.