- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Running a clean install on RHEL 8.9, kernel version 4.18.0-553.34.1.el8_10.x86_64. Followed the instructions on the install page for the soar-prepare-system command, not running clustered, default options for everything, created the phantom user with no trouble. /opt/splunk-soar is owned by phantom, ran the soar-install command as phantom, got through everything fine until the GitRepos step, hit this error:
"INSTALL: GitRepos
Configuring default playbook repos
Failed to bootstrap playbook repos
Install failed."
Detailed error logs look kind of ugly, but seeing this:
File \"/opt/splunk-soar/usr/python39/lib/python3.9/site-packages/git/cmd.py\", line 1388, in execute", " raise GitCommandError(redacted_command, status, stderr_value, stdout_value)", "git.exc.GitCommandError: Cmd('git') failed due to: exit code(128)", " cmdline: git ls-remote --heads https://github.com/phantomcyber/playbooks", " stderr: 'fatal: unable to access 'https://github.com/phantomcyber/playbooks/': SSL certificate problem: unable to get local issuer certificate'"], "time_elapsed_since_start": 6.000021, "time_elapsed_since_operation_start": 4.386305}
Any thoughts on how to get it to get the local issuer certificate, or another way around the issue? Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Turns out the issue was the break and inspect from the corporate firewall. Standard global git config fix didn't work, as it seems that as part of the install process, SOAR changes the config key to http.sslcainfo=$SOAR_HOME/etc/cacerts.pem.
Modifying that cacerts.pem file to add the full chain of certs you get when navigating to GitHub from a browser on the same network ended up working to get SOAR to install successfully.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Turns out the issue was the break and inspect from the corporate firewall. Standard global git config fix didn't work, as it seems that as part of the install process, SOAR changes the config key to http.sslcainfo=$SOAR_HOME/etc/cacerts.pem.
Modifying that cacerts.pem file to add the full chain of certs you get when navigating to GitHub from a browser on the same network ended up working to get SOAR to install successfully.
