Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why is there certificate exception error while posting data to splunk?

Venkat_Kumar
Loves-to-Learn
‎03-23-2022 09:25 AM

Hi Team,

I am getting below error while trying to post data to my splunk using below url. I have installed the certificates in the source system by taking them from browser(lock sysmbol)

Can you please check and help what certificates are exactly installed to post data to below URL

end point url: https://prd-p-jmw56.splunkcloud.com:8088/services/collector/raw

Error Details
java.net.ConnectException: java.security.cert.CertificateException: No name matching prd-p-jmw56.splunkcloud.com found, cause: java.security.cert.CertificateException: No name matching prd-p-jmw56.splunkcloud.com found
 
thanks,
Venkat
Labels (4)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎03-24-2022 01:37 PM

Contrary to the certificate served on port 443, the one used on 8088 is a Splunk's internal cert (the cert created  by default on installation).

The one used on the web interface port is a wildcard certificate for the whole splunkcloud .com domain so I presume it's not directly installed on "your" search heads but is served from some HTTP loadbalancer which also works as HTTPS offloading proxy.

I haven't used the cloud yet but I suppose if you want a "proper" trusted certificate you should contact cloud support (you won't be able to upload a certificate and add ssl settings on your own anyway I think).

0 Karma
Reply

diogofgm
SplunkTrust
SplunkTrust
‎03-24-2022 06:03 AM

Are you sending the data with the HEC token?

Check this docs:
https://docs.splunk.com/Documentation/Splunk/latest/Data/HECExamples

 

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma
Reply

Venkat_Kumar
Loves-to-Learn
‎03-24-2022 06:39 AM

Hello,

Yes, i am created  HEC token in splunk and using it while trying to send data.

Also, i have modified the end point as below(added "inputs.") as per https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/UsetheHTTPEventCollector# 

end point url: https://inputs.prd-p-jmw56.splunkcloud.com:8088/services/collector/raw 

Based on error, looks like i need to install hostname dedicated certificate. Any idea on how to get it or enable anything in splunk to receive data.

 

Error Details
java.net.ConnectException: java.security.cert.CertificateException: No name matching inputs.prd-p-jmw56.splunkcloud.com found, cause: java.security.cert.CertificateException: No name matching inputs.prd-p-jmw56.splunkcloud.com found

 

0 Karma
Reply

diogofgm
SplunkTrust
SplunkTrust
‎03-24-2022 06:44 AM

I haven't had much experience with splunk cloud but I recall you can download a UF package that contains all the necessary bit to connect to the cloud instance including the cert chain.

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma
Reply

Venkat_Kumar
Loves-to-Learn
‎03-24-2022 09:40 AM

@diogofgm Thanks for your response.

Can you please provide me the path where i can check UF package which contains certificate details.

0 Karma
Reply

diogofgm
SplunkTrust
SplunkTrust
‎03-24-2022 10:07 AM

In Splunk Cloud in the Apps menu you have a Universal forwarder app. In that app you can download the UF package

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma
Reply

Venkat_Kumar
Loves-to-Learn
‎03-24-2022 04:28 AM

Hi Experts,

Can you please help to guide on below issue

I am getting below error while trying to post data to my splunk using below url. I have installed the certificates in the source system by taking them from browser(lock sysmbol)

Can you please check and help what certificates are exactly installed to post data to below URL

end point url: https://prd-p-jmw56.splunkcloud.com:8088/services/collector/raw

Error Details
java.net.ConnectException: java.security.cert.CertificateException: No name matching prd-p-jmw56.splunkcloud.com found, cause: java.security.cert.CertificateException: No name matching prd-p-jmw56.splunkcloud.com found
 
thanks,
Venkat
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...