Splunk Enterprise Security

ES Glass Table not loading after activating requireClientCert in sslConfig (SSLError)

tsmadi
Explorer

Hello,

I have a problem with Splunk ES Glass Tables not loading when setting the requireClientCert=true in sslConfig. Of course I have the complete SSL setup working fine with sslVersions=tls1.2 using certificates singed by own CA.

When trying to access the Glass Tables from ES menu, I get the following error message:

HTTPSConnectionPool(host='127.0.0.1', port=8089): Max retries exceeded with url: /servicesNS/nobody/SplunkEnterpriseSecuritySuite/storage/collections/config/SplunkEnterpriseSecuritySuite_glasstables (Caused by SSLError(SSLError(1, u'[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:742)'),))

p.s note: I have tried to add ssl3 to allowed list in sslVersions just to check if this is the problem but I end up with KVStore failure. However, this is not how I want to solve it.

Thank you for your interactivity and responses in advance 🙂

Regards

Labels (2)
0 Karma
1 Solution

tsmadi
Explorer

Hello, 

Sorry for taking so long to reply,  but Splunk support should have taken care of this issue long time ago!

 

As promised, the solution for this issue is to enable the client authentication to use the SSL certificates provided for inter-server communication (Splunk components within the server) because the server is forced to authenticate all communications when  requireClientCert=true.

To enable this go to 

/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/lib/SplunkEnterpriseSecuritySuite_app_common/solnlib/packages/requests/sessions.py

Edit the file and modify the following Python tuple:

self.cert = ("Path to CA", "Path to certificate")

Save the file and restart splunk. The glass Tables should work now with no problem. However, you might need to troubleshoot other inter-Splunk communications based on your environment.

 @youngsuh @swati_singh 

Let me know how it goes!

View solution in original post

tsmadi
Explorer

Hello, 

Sorry for taking so long to reply,  but Splunk support should have taken care of this issue long time ago!

 

As promised, the solution for this issue is to enable the client authentication to use the SSL certificates provided for inter-server communication (Splunk components within the server) because the server is forced to authenticate all communications when  requireClientCert=true.

To enable this go to 

/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/lib/SplunkEnterpriseSecuritySuite_app_common/solnlib/packages/requests/sessions.py

Edit the file and modify the following Python tuple:

self.cert = ("Path to CA", "Path to certificate")

Save the file and restart splunk. The glass Tables should work now with no problem. However, you might need to troubleshoot other inter-Splunk communications based on your environment.

 @youngsuh @swati_singh 

Let me know how it goes!

View solution in original post

swati_singh
Observer

Hi, did you manage to solve this issue? I am getting the same issue in another app.

0 Karma

tsmadi
Explorer

Hello,

Yes, I did solve it.

After Splunk support failing to solve it, I had to act on my own.

I solved it and Splunk support asked me to show them the solution and after they saw it, they were supposed to modify it and register a bug on my name but unfortunately they didn't. 

If you are still having this problem let me know and I will post the solution.

 

Regards 

0 Karma

youngsuh
Path Finder

Yes.  I am having an issue.  Please post the solution.

Tags (2)
0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.