Curl Command SSL Error on Search Head

harishsplunk7 · ‎03-27-2025

We have a total of five search heads, and while four of them are successfully executing the curl command, one search head is encountering an SSL error, specifically a SSLError with a curl status of 408.

HTTPSConnectionPool(host='localhost', port=8801): Max retries exceeded with url: /servicesNS/nobody/alert/saved/searches/alert/acl (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))

what is the next steps to identify and resolve the root cause of this SSL error.

richgalloway · ‎03-27-2025

The cause is in the error message: "certificate verify failed: self signed certificate in certificate chain". Make sure all of the search heads have the same PEM file.

---
If this reply helps you, Karma would be appreciated.

harishsplunk7 · ‎03-27-2025

thank you for the update, all the search head having same pem file.

Curl Command SSL Error on Search Head

eval

field extraction

lookup

metadata

regex

subsearch

timechart

transaction

tstats

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

Join the Conversation

Curl Command SSL Error on Search Head

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.