Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Making REST API calls to servers with self-signed certificates from Splunk Cloud

sandfly_dev
New Member
‎03-08-2024 08:16 AM

Recently our TA was rejected for Splunk Cloud compatibility due to a configuration option that would allow our customers to disable SSL verification so that they can make the REST API calls to a server that has a self-signed TLS certificate.

The TA is using Python code for the inputs, and one of the configuration options when setting up the input was to Enable or Disable SSL Verification.  Customers using servers with self-signed certificates could opt to disable verification.  This would set the verify parameter to the helper.send_http_request to False.

This option passed Cloud compatibility until recently when we were notified that external network calls must be made securely and so our TA no longer qualified for Cloud compatibility with the option to set verify=False.

Has anyone else ran into this issue and is there a solution other than forcing customers to purchase TLS certificates from a trusted CA?

I did see there is an option to the helper.send_http_request call to specify the CA bundle, but we do not have any control over what CA is used to generate the self-signed certificate so there is no way to include a bundle in the TA.

Any suggestions are welcome.

 

Labels (3)
Labels
0 Karma
Reply

tscroggins
Influencer
‎03-09-2024 05:25 PM

Hi @sandfly_dev,

Can you add an option to your configuration to allow customers to provide a list of trusted certificates in PEM or some or other format? This could be a single self-signed certificate, a list of concatenated certificates in a certificate chain, etc. depending on what's supported by your code.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...