Hi, I’m currently encountering the following error message in `splunkd.log` when I enable the custom TA Add-on. I have a Python script that successfully tests the signed CSR, private key, and root ...
See more...
Hi, I’m currently encountering the following error message in `splunkd.log` when I enable the custom TA Add-on. I have a Python script that successfully tests the signed CSR, private key, and root CA. It can establish a connection and retrieve logs as expected. However, when using the application created, I am seeing the error message. I’ve double-checked the values, and everything seems to be the same. In our testing environment, it works, but the only difference I noticed is that the root CA certificate is in .csr format. Should I convert it to .pem, as we did in the testing environment? -0700 ERROR ExecProcessor - message from "/data/splunk/bin/python3.7 /data/splunk/etc/apps/TA_case/bin/case.py" HTTPSConnectionPool(host='<HiddenForSensitivityPurpose>', port=443): Max retries exceeded with url: <HiddenForSensitivityPurpose>caseType=Service+Case&fromData=2025-02-06+17%3A23&endDate=2025-02-06+21%3A23 (Caused by SSLError(SSLCertverificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1106)')))