Splunk SOAR (f.k.a. Phantom)

Phantom integration giving the ssl error, how to disable them?


I am seeing the below issue,
Httpsconnectionpool(host='phantomdev..com', port=XXX): max retries exceeded with url: /rest/ph_user?include_automation=true&filter_token_key='' (caused by sslerror(sslerror(1, u'[ssl: certificate_verify_failed] certificate verify failed (_ssl.c:741)'),))

i was trying to disable the ssl, which was in README, was not able to succeeded because of i haven't seen those conf.

Labels (2)
0 Karma

Splunk Employee
Splunk Employee

Did the link and advice from @ansusabu and/or @WalshyB help you get this solved?

0 Karma


You can use the curl command given in README for disabling ssl

0 Karma


https://docs.splunk.com/Documentation/PhantomApp/2.7.5/Install/ConfigureCerts, see "Manage HTTPS certificate validation using configuration files", did you do those steps followed by a restart?

0 Karma
Get Updates on the Splunk Community!

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...