Splunk Enterprise

Why can't I use cliVerifyServerName = True with self signed certificate?

andymalato
Explorer

We are working on upgrading our Splunk environment from 8.2.7 to 9.0.4

When we attempt to set cliVerifyServerName = true in server.conf and start Splunk, the following message just keeps being echoed in an endless loop: "ERROR: certificate validation: self signed certificate."

We are only using self-signed certificates to secure splunkd, but SplunkWeb does have a real cert signed by a recognized signing authority. If we don't set this, we see the following message on startup:

".WARNING: Server Certificate Hostname Validation is disabled. Please see server.conf/[sslConfig]/cliVerifyServerName for details"

This feels like a bug to me but not sure since certificates are complicated.   

Anyone else running into this issue?

 

Thanks.

 

0 Karma

andymalato
Explorer

This is somehow tied to SplunkWEB because when we set cliVerifyServerName = true on our indexers (which don't run a web interface) this error does not happen and splunkd starts without issue.  I believe the issue is that we are using a self-signed certificate for splunkd but for splunkWEB we are using a signed certificate recognized by a known signing authority.  It seems that the mixture of a self-signed certificate in the mix is causing the issue.  However,  I believe this should be a supported configuration as using two different certificates for splunkd and splunkWEB is supported.    This feels like a bug.  

0 Karma

jorma
Loves-to-Learn

We are having this exact issue - were you able to find a solution?

0 Karma

_pravin
Communicator

Hi @jorma ,

 

There are a few things you need to check for certificates.

  1. Check if the certificate is pointing to the right file in web.conf
  2. If you have a different name for the Splunk web URL, make sure that you have all of them in the SAN part of the certificate file.

I had encountered both of the above issues and once I made the change, our Splunk instance was working perfectly.

 

Thanks,

Pravin

0 Karma

kdulle
Explorer

I'm seeing the same thing.  Let me know if you find out more.

Pretty sure this python warning was new after the upgrade as well.
Upgrading from 9.0




0 Karma

andymalato
Explorer

The feature to use TLS hostname validation for Python modules was available starting in 9.0.  See https://docs.splunk.com/Documentation/Splunk/9.0.4/Installation/AboutupgradingREADTHISFIRST for details.   We were able to silence the message by setting PYTHONHTTPSVERIFY = 1 in splunk-launch.conf.  Hope that helps.

 

 

kdulle
Explorer

Yes, I can confirm that when I added that to splunk-launch.conf the python message went away.

Thanks for clarifying your issue above yesterday on using two different certs causing the problem.  My issue ended up being a typo in the sslRootCAPath in server.conf.

I appreciate your quick replies.

0 Karma
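An added example, not part of any post in this thread: a small Python check for the two path problems reported above (a certificate setting in web.conf pointing at the wrong file, and a typo in sslRootCAPath in server.conf). The helper names, the `mycerts` directory, the file names and the sample conf text are constructed for illustration, and resolving relative paths against $SPLUNK_HOME is an assumption applied to both files.

```python
import configparser
import os
import tempfile
from pathlib import Path

# Settings that should point at a PEM file, per conf file and stanza.
PATH_KEYS = {
    "server.conf": {"sslConfig": ["sslRootCAPath", "serverCert"]},
    "web.conf": {"settings": ["serverCert", "privKeyPath"]},
}

# Constructed sample: the sslRootCAPath value has a typo ("cacrt.pem").
SAMPLE_SERVER_CONF = """
[sslConfig]
sslRootCAPath = $SPLUNK_HOME/etc/auth/mycerts/cacrt.pem
serverCert = $SPLUNK_HOME/etc/auth/mycerts/server.pem
cliVerifyServerName = true
"""

def resolve(path, splunk_home):
    # Assumption: relative paths are taken relative to $SPLUNK_HOME.
    path = path.replace("$SPLUNK_HOME", splunk_home)
    return path if os.path.isabs(path) else os.path.join(splunk_home, path)

def check_cert_paths(conf_name, text, splunk_home):
    """Return (stanza, key, value, problem) for each certificate path that fails."""
    cp = configparser.RawConfigParser(strict=False)
    cp.optionxform = str  # keep setting names exactly as written
    cp.read_string(text)
    findings = []
    for stanza, keys in PATH_KEYS[conf_name].items():
        for key in keys:
            if not cp.has_option(stanza, key):
                continue
            raw = cp.get(stanza, key).strip()
            full = resolve(raw, splunk_home)
            if not os.path.isfile(full):
                findings.append((stanza, key, raw, "file not found"))
            elif b"-----BEGIN" not in Path(full).read_bytes():
                findings.append((stanza, key, raw, "no PEM block in file"))
    return findings

def demo():
    with tempfile.TemporaryDirectory() as home:  # throwaway $SPLUNK_HOME
        certs = os.path.join(home, "etc", "auth", "mycerts")
        os.makedirs(certs)
        for name in ("cacert.pem", "server.pem"):
            Path(certs, name).write_text("-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n")
        return check_cert_paths("server.conf", SAMPLE_SERVER_CONF, home)
```

Calling `demo()` reports only the mistyped sslRootCAPath; on a real host, pass the contents of server.conf or web.conf and the actual $SPLUNK_HOME to `check_cert_paths`.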

_pravin
Communicator

I see a similar issue but I have set cliVerifyServerName = false. But from your answer, if it doesn't make a difference I am interested to see what changes we need to employ.

0 Karma