Hello  @Alan_Chan , did you resolved problem? I have same problem, tried to disable https verification but still have sslv3 alert handshake failure ... View more

anybody can help? Tried to do clean install fo splunk and soar, they are on same network, https verification disabled, firewall communication is allowed.. but still sslv3 handshake failure.. are there any different ssl configuration for rest api in splunk soar export app? { "ph-auth-token": "xxx=","server": "https://fqdn or ip" } tried to enable https, add ca certificates and self signed certificates for server, but still no luck. when trying to curl on base os level, everything works. Only splunk soar export app dont know how to communicate.. ... View more

I have generated certificate in our CA, configured as web cert and it is visible now..  added CA chain to cert_bundle.pem in ~/etc/apps/phantom/local in splunk export app, and same on other soar side, added CA chain via python import_cert.py, tried to enabled SSL checking but still no luck and same error. ... View more

Yes, i have disabled certificate verification via this guide over REST API and it is showing disabled SSL verification status on top of the site.  These logs are from var/log/splunk/phantom_configuration.log Here is whole part: Traceback (most recent call last): File "/opt/splunk/etc/apps/phantom/bin/phantom_rest.py", line 250, in handle_POST _, _ = pi.verify_server() File "/opt/splunk/etc/apps/phantom/bin/phantom_instance.py", line 489, in verify_server response = requests.get( File "/opt/splunk/etc/apps/phantom/bin/phantom_requests/api.py", line 73, in get return request("get", url, params=params, **kwargs) File "/opt/splunk/etc/apps/phantom/bin/phantom_requests/api.py", line 59, in request return session.request(method=method, url=url, **kwargs) File "/opt/splunk/etc/apps/phantom/bin/phantom_requests/sessions.py", line 587, in request resp = self.send(prep, **send_kwargs) File "/opt/splunk/etc/apps/phantom/bin/phantom_requests/sessions.py", line 701, in send r = adapter.send(request, **kwargs) File "/opt/splunk/etc/apps/phantom/bin/phantom_requests/adapters.py", line 517, in send raise SSLError(e, request=request) phantom_requests.exceptions.SSLError: HTTPSConnectionPool(host='soar-fqdn', port=8443): Max retries exceeded with url: /rest/user_settings (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1161)'))) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/opt/splunk/etc/apps/phantom/bin/phantom_rest.py", line 285, in handle_POST raise Exception(message) Exception: Failed to communicate with user "" on SOAR server "https://soar-fqdn:8443". ... View more