Splunk SOAR (f.k.a. Phantom)

Phantom integration giving the ssl error, how to disable them?


I am seeing the below issue,
Httpsconnectionpool(host='phantomdev..com', port=XXX): max retries exceeded with url: /rest/ph_user?include_automation=true&filter_token_key='' (caused by sslerror(sslerror(1, u'[ssl: certificate_verify_failed] certificate verify failed (_ssl.c:741)'),))

i was trying to disable the ssl, which was in README, was not able to succeeded because of i haven't seen those conf.

Labels (2)
0 Karma

Splunk Employee
Splunk Employee

Did the link and advice from @ansusabu and/or @WalshyB help you get this solved?

0 Karma


You can use the curl command given in README for disabling ssl

0 Karma

Path Finder

https://docs.splunk.com/Documentation/PhantomApp/2.7.5/Install/ConfigureCerts, see "Manage HTTPS certificate validation using configuration files", did you do those steps followed by a restart?

0 Karma
Get Updates on the Splunk Community!

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...

Introducing Ingest Actions: Filter, Mask, Route, Repeat

WATCH NOW Ingest Actions (IA) is the best new way to easily filter, mask and route your data in Splunk® ...