Issues with the SSL Checker app modes:
SSL checker auto mode:
SSL checker is not capturing all the pem files located in /opt/splunk/etc/auth directory
SSL checker manual mode:
SSL checker is working fine in the manual mode and getting the end date of certs when given the location of the cert paths with comma separated values but throwing the following error.
Error: Invalid key in stanza [SSLConfiguration] in /opt/splunk/etc/apps/ssl_checker/local/ssl.conf
@jkat54 can you please address the issue
We are using the ssl_checker app version 3.2 and we are on splunk enterprise 7.3.8
Auto mode only scans for certs that are in use in your default and local conf files that possibly contain links to pem files.
that is to say, if you're using the cert in web, server, inputs, outputs, Distsearch, conf files, the ssl checker app in auto mode, will discover you have specified a cert in one of those files and index its expiration date.
For example the directory /opt/splunk/etc/auth had server.pem file, I have added .pem file from other machine to this directory, is that supposed to get the expiration details of the newly added .pem file ??
Thanks for your immediate response.
We had few .pem files from other machines to be monitored in the manual mode.
So we did gave the path in the web ui with comma separated values and copied .pem files in a common location, I was able to see the expiration details but in the backend I was seeing the below error. Can you please let me know why the error is being created.
Invalid key in stanza [SSLConfiguration] in /opt/splunk/etc/apps/ssl_checker/local/ssl.conf
local ssl.conf configuration:
disabled = 0
certPaths = /opt/splunk/etc/auth/sslchecker/<host1>.pem, /opt/splunk/etc/auth/sslchecker/<host2>.pem, /opt/splunk/etc/auth/sslchecker/<host3>.pem, /opt/splunk/etc/auth/sslchecker/<host4>.pem
Does the error cause any other issues? You have the data... sounds like the app works, it's just missing the conf.spec file or something. I wouldn't worry too much about it if I were you, and I'm happy to add it to the bug list