Proper Solution:
edit your /etc/systemd/system/Splunkd.service
in the [Service] section add the following two lines:
Environment=REQUESTS_CA_BUNDLE=/etc/ssl/ca-bundle.pem
Environment=SSL_CERT_FILE=/etc/ssl/ca-bundle.pem
Replace /etc/ssl/ca-bundle.pem with the path to your CA bundle with your own certificate (or keep the path and add your ca certificates to the linux os truststore)
Python standard libs (httplib,urlib3) will use the CA trust bundle specified in SSL_CERT_FILE and the requests library will use REQUESTS_CA_BUNDLE.
One problem left: Splunk will often connect by IP adress instead of using proper hostnames. For Security Essentials you might have two options (I verified the first): -include IP 127.0.0.1 in the certificate of the Search Head or -in web.conf set mgmtHostPort =<SPLUNK-SEARCH-HEAD-FQDN>:8089 (Security Essentials will read this property in bin/sse_id_enrichment.py and will use it for the connection)
... View more