Splunk Search

HTTP Event Collector: How do I resolve error "x509: cannot validate certificate because it doesn't contain any IP SANs"

dzlabs
Engager

I'm trying to submit logs to the HTTP Event Collector from a go application. I've correctly setup the Event Collector (I can successfully curl it), however I see the following error when I submit a POST:

2016/01/14 16:37:03 utils.go:75 utils.splunkit ERROR Post https://xx.xx.xxx.xx:9000/services/collector/event: x509: cannot validate certificate for xx.xx.xxx.xx because it doesn't contain any IP SANs

Here is a code snippet of how I am posting to Splunk:

func splunkit(host string, port int, token string, data []byte) {
    body := bytes.NewReader(data)
    url := fmt.Sprintf("https://%s:%d/services/collector/event", host, port)
    client := &http.Client{}
    req, err := http.NewRequest("POST", url, body)
    req.Header.Add("Authorization", "Splunk "+token)
    resp, err := client.Do(req)
    if err == nil {
        log.Info(resp)
    } else {
        log.Error(err)
    }
}

How I can use a certificate on the client side in order to successfully submit logs to Splunk directly from my app??

0 Karma
1 Solution

Jeremiah
Motivator

What is the value of your host variable? Is it an IP address? The error is complaining that the certificate on your HTTP event collector was not signed with an IP address in the subject or in the list of subject alternative names. You should set host to the value that matches the certificate; either the subject CN or one of the subject alternative name values. Run this command to see the subject value of your certificate:

echo - | openssl s_client -connect your-host:9000 | openssl x509 -subject -noout|more

If you would like to see the subject alternative names, print out the entire certificate:

echo - | openssl s_client -connect your-host:9000 | openssl x509 -text -noout|more

If you didn't customize the cert, then you probably just have a default self-signed certificate. You can use these instructions to load the certificate onto your client:

http://pro-tips-dot-com.tumblr.com/post/65472594329/golang-establish-secure-http-connections-with

View solution in original post

Jeremiah
Motivator

What is the value of your host variable? Is it an IP address? The error is complaining that the certificate on your HTTP event collector was not signed with an IP address in the subject or in the list of subject alternative names. You should set host to the value that matches the certificate; either the subject CN or one of the subject alternative name values. Run this command to see the subject value of your certificate:

echo - | openssl s_client -connect your-host:9000 | openssl x509 -subject -noout|more

If you would like to see the subject alternative names, print out the entire certificate:

echo - | openssl s_client -connect your-host:9000 | openssl x509 -text -noout|more

If you didn't customize the cert, then you probably just have a default self-signed certificate. You can use these instructions to load the certificate onto your client:

http://pro-tips-dot-com.tumblr.com/post/65472594329/golang-establish-secure-http-connections-with

dzlabs
Engager

the host variable is an IP address, thanks for hint.

0 Karma

ppablo
Retired

Hi @dzlabs

Glad you got the hint you needed to fix your issue here on Answers 🙂 Please don't forget to resolve your posts by clicking "Accept" directly below @Jeremiah's answer. This will make it easier for other users with the same question find the solution. Thanks!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...