We are working on upgrading our Splunk environment from 8.2.7 to 9.0.4
When we attempt to set cliVerifyServerName = true in server.conf and start splunk, the following is message just keeps being echoed in an endless loop "ERROR: certificate validation: self signed certificate."
We are only using self signed certificates to secure splunkd but SplunkWeb does have a real cert signed by an recognized signing authority. If we don't set this we see the following message on startup:
".WARNING: Server Certificate Hostname Validation is disabled. Please see server.conf/[sslConfig]/cliVerifyServerName for details"
This feels like a bug to me but not sure since certificates are complicated.
Any one else running into this issue ?
Thanks.
This is somehow tied to SplunkWEB because when we set cliVerifyServerName = true on our indexers (which don't run a web interface) this error does not happen and splunkd starts without issue. I believe the issue is that we are using a self-signed certificate for splunkd but for splunkWEB we are using a signed certificate recognized by a known signing authority. It seems that the mixture of a self-signed certificate in the mix is causing the issue. However, I believe this should be a supported configuration as using two different certificates for splunkd and splunkWEB is supported. This feels like a bug.
We are having this exact issue - were you able to find a solution?
Hi @jorma ,
There are a few things you need to check for certificates.
I had encountered both of the above issues and once I made the change, our Splunk instance was working perfectly.
Thanks,
Pravin
I'm seeing the same thing. Let me know if you find out more.
Pretty sure this python warning was new after the upgrade as well.
Upgrading from 9.0
The feature to use TLS hostname validation for Python modules was available starting in 9.0. See https://docs.splunk.com/Documentation/Splunk/9.0.4/Installation/AboutupgradingREADTHISFIRST for details. We were able to silence the message by setting PYTHONHTTPSVERIFY = 1 in splunk-launch.conf. Hope that helps.
Yes, I can confirm that when I added that to splunk-launch.conf the python message went away.
Thanks for clarifying your issue above yesterday on using two different certs causing the problem. My issue ended up being a typo in the sslRootCAPath in server.conf.
I appreciate your quick replies.
I see a similar issue but I have set cliVerifyServerName = false. But from your answer, if it doesn't make a difference I am interested to see what changes we need to employ.