url = "https://xyz.com/core/api-ua/user-account/stix/v2.1?isSafe=false&key=key"
# Path to your custom CA bundle (optional, if you need to use a specific CA bundle)
ca_bundle_path = "/home/ubuntu/splunk/etc/apps/APP-Name/certs/ap.pem"
# Make the API call through the HTTPS proxy with SSL verification
response = requests.get(url, proxies=proxies, verify=ca_bundle_path)
print("Response content:", response.content)
If I use this code in separate python script.. It works and gives the response.
However, If I use the same code in splunk, It doesn't. I get :
SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1106)')))
The code that is being used is :
files = os.path.join(os.environ['SPLUNK_HOME'], 'etc', 'apps', 'App-Name', 'certs')
pem_files = [f"{files}/{file}" for file in os.listdir(path=files) if (file.endswith('.pem') or file.endswith('.crt'))]
url = f"{url}/core/api-ua/v2/alerts/attack-surface?type=open-ports&size=1&key={api_token}"
if pem_files:
logger.info(f"Certificate used: {pem_files[0]}")
logger.info(requests.__version__)
logger.info(urllib3.__version__)
logger.info(proxy_settings)
response = requests.request(
GET,
url,
verify=pem_files[0],
proxies=proxy_settings
)
response.raise_for_status()
In the place of verify=pem_files[0],I have added verify="/home/ubuntu/splunk/etc/apps/APP-Name/certs/ap.pem"
Still same error.
