Hi experts,
We are getting this error consistently while querying data from Splunk Enterprise hosted in the company's internal network.
String token = System.getenv("SPLUNK_TOKEN"); ServiceArgs loginArgs = new ServiceArgs(); loginArgs.setPort(8089); loginArgs.setHost("splunk.org.company.com"); loginArgs.setScheme("https"); loginArgs.setToken(String.format("Bearer %s", token)); service = new Service(loginArgs); log.info("service val is {}", service.toString()); Service.setValidateCertificates(false);
Here is the stack trace.
@tscroggins Yes, the certificate is imported on the client. SDK is calling from a docker image, and in the docker startup we have added instructions to import root CA, and the the splunk certificate.
Ugh. Docker 😉
But seriously, first things first. Check with normal openssl whether you can properly connect to the server. If not, then problems are on the server's side. If yes, then on the client's side.
openssl s_client -connect splunk.your.org.domain:8089 -CAfile path_to/your_rootCA.pem
Hi @ssbapat,
A complete stack trace would reveal more, but in a nutshell, certificate verification failed in the underlying SSL/TLS class. Does "splunk.org.company.com" (or the actual hostname) match either the common name (cn) or a subject alternative name (SAN or subjectAltName) on the server's certificate? Are all certificates in the server's certificate chain trusted by the client?