I am also facing a similar problem while submitting my splunk addon app to splunk. In my case, I am making post request to my software using the code below:
response=requests.post(url=url,headers=headers,json=temp_container,verify=False, timeout=60)
After the review and feedback from the splunk team, I included a code in my html that will make users to enter the path to their SSL certificate (optional field). After this, I made changes to my python script so that if the user has entered the path, the code below will be executed else the one above.
response=requests.post(url=url,headers=headers,json=temp_container, timeout=60,verify=certloc)
certloc is the path to the certificate.
However, I am getting the same response as above from the review team on the code where I have kept verify=False. If I remove this code from the python then it will make it mandatory for the users to enter the path to the SSL certificate? In that case, do users have to use their own certificate and place the certificate inside default folder of the package or do we generate the certificate, and place it inside the default folder and then package it before distributing it. Can the same certificate be used by all app users when we distribute the package? In our case, every customer has their own instance of our product just like every user has their own Splunk instance.
