Splunk Dev

How to use an encrypted client TLS/SSL key to query an API

yoho
Contributor

Our company policy requires an SSL private key to be encrypted. Unfortunately, my script is using the requests library which doesn't support this, as written in its documentation (feature request : https://github.com/psf/requests/issues/1573)

There seems to be a workaround by using a custom adapater (https://github.com/m-click/requests_pkcs12) which is using pkcs12 package files (which contain both the certificate and the key  and can be encrypted). I've installed this adapter under "lib" in my app directory (and I added the line of code to my script to append this path to the library path).

But this adapter is requiring the pyopenssl library (shipped with Splunk, installed in the python default library path) but this one, in turns, requires ndg.httpsclient.ssl_peer_verification (not shipped with Splunk!). So the adapter fails to load.

So in the end 2 questions:

1) Is anybody having to use client-side SSL authentication to query an API and is using an encrypted key ? How to make it work ?

2) Is there a clean way to add ndg.httpsclient.ssl_peer_verification to the libraries available to splunk so that pyopenssl can be loaded ? I've tried to add it to my app's "lib" directory but it seems that pyopenssl can not find it (maybe it expects to find it in the "default" directory ?)

Labels (6)
0 Karma
Get Updates on the Splunk Community!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Index This | What goes away as soon as you talk about it?

May 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...