I encountered multiple certificate errors running the upgrade script from SOAR from 7.0.0 to 8.5.0.

1) Running the upgrade with the -v option was essential to get detailed error info (/opt/soar/splunk-soar/soar-install --splunk-soar-home /opt/soar --upgrade --with-apps -v).

2) Encountered "Failed Splunk SOAR initialization" error. The cause was a combination of an old DER certificate in /opt/soar/etc/certs/ (fixed by executing: openssl x509 -inform der -in ./dercert.crt -out ./dercert.crt). It only worked when I reformatted the script AFTER the error throws, then resuming upgrade. If I reformatted before the error throws, the script would bomb on cp errors.

3) Also, a nonprintable character was in /opt/soar/etc/cacerts.pem (fixed by: LC_ALL=C tr -cd '\0-\177' < input.txt > output.txt).

4) Also, a missing CA cert for Sectigo E46 was needed in /opt/soar/etc/cacerts.com to validate https://github.com.
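A read-only check for the two file problems described in the post above (a DER-encoded certificate in the certs directory and bytes above 0x7f in the CA bundle), as an added example that is not part of the original post or of Splunk's tooling. The function names are hypothetical, and DER is detected heuristically (no PEM header, first byte 0x30) rather than by parsing with openssl; nothing is modified, so when to convert is left to the operator.

```shell
#!/bin/sh
# Added example: reports only, never rewrites a file.
# Usage (paths from the post): preflight /opt/soar/etc/certs /opt/soar/etc/cacerts.pem

# Print "pem", "der" or "other" for one certificate file.
cert_encoding() {
    if LC_ALL=C grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo pem
        return
    fi
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    first_byte=$(od -An -tx1 -N1 "$1" | tr -d ' \n')
    if [ "$first_byte" = "30" ]; then echo der; else echo other; fi
}

# Count the bytes that tr -cd '\0-\177' would drop (anything above 0x7f).
non_ascii_bytes() {
    LC_ALL=C tr -d '\0-\177' < "$1" | wc -c | tr -d ' '
}

# List every regular file in a directory that is not PEM, with its guess.
list_non_pem() {
    for cert_file in "$1"/*; do
        [ -f "$cert_file" ] || continue
        enc=$(cert_encoding "$cert_file")
        [ "$enc" = pem ] || printf '%s\t%s\n' "$enc" "$cert_file"
    done
}

# preflight CERT_DIR CA_BUNDLE: prints findings, returns 1 if any.
preflight() {
    rc=0
    bad=$(list_non_pem "$1")
    if [ -n "$bad" ]; then
        printf 'not PEM:\n%s\n' "$bad"
        rc=1
    fi
    count=$(non_ascii_bytes "$2")
    if [ "$count" -gt 0 ]; then
        echo "$2: $count byte(s) above 0x7f, first on line:"
        LC_ALL=C grep -a -n -m1 '[^[:print:][:space:][:cntrl:]]' "$2" | cut -d: -f1
        rc=1
    fi
    return $rc
}
```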