All Apps and Add-ons

How do I fix this error when trying to set up o365 Add-on?

Warren_Laya
Explorer

Hi All

trying to set this up and im getting the following error:

rllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.533 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)
08-18-2020 16:28:38.539 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.539 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)
08-18-2020 16:28:38.650 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.650 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)
08-18-2020 16:28:38.656 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.656 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)

I realise the URL says :

import urllib3
urllib3.disable_warnings()

but where does that actually go in the script?

Labels (1)
0 Karma
1 Solution

Warren_Laya
Explorer

resolved this issue for myself, I'm probably a different case since this issue was around my odd "proxy"

  • Convert zscaler certificate to .pem
    openssl x509 -in ZscalerRootCertificate-2048-SHA256.crt -out zscaler.pem -outform PEM
  • Insert .pem into o365 app cacert
    cat zscaler.pem >> /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/certifi/cacert.pem
  • Ensure ownership
    chown splunk.splunk *
  • Restart splunk
    systemctl restart splunk
  • Add tenant

This might be useful for anyone else with certificate issues.

View solution in original post

thambisetty
SplunkTrust
SplunkTrust

/opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py

connectionpool.py might be throwing this warning.

can you check connectionpool.py if its importing urllib3?

if yes, add to this file.

————————————
If this helps, give a like below.
0 Karma

Warren_Laya
Explorer

Add where to the file? If I just put it in the top I get the same error, if I put it in the line where the error is I get another error, I know it needs to be added, but where is it added?

0 Karma

thambisetty
SplunkTrust
SplunkTrust

first method,

in that file, you can add below:
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarningrequests.packages.urllib3.disable_warnings(InsecureRequestWarning)

OR another method is 

This warning can be disabled by setting PYTHONWARNINGS="ignore:Unverified HTTPS request" in ~/.bashrc of user with which splunk is running.

————————————
If this helps, give a like below.
0 Karma

Warren_Laya
Explorer

resolved this issue for myself, I'm probably a different case since this issue was around my odd "proxy"

  • Convert zscaler certificate to .pem
    openssl x509 -in ZscalerRootCertificate-2048-SHA256.crt -out zscaler.pem -outform PEM
  • Insert .pem into o365 app cacert
    cat zscaler.pem >> /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/certifi/cacert.pem
  • Ensure ownership
    chown splunk.splunk *
  • Restart splunk
    systemctl restart splunk
  • Add tenant

This might be useful for anyone else with certificate issues.

jason_prondak
Explorer

Looking at the code.  /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/certifi/cacert.pem does not get referenced anywhere. There is only a comment to. but no actual code to do it.

 

0 Karma

Warren_Laya
Explorer

Not sure its in its own code or how Splunk launches the app but this 100% resolved my issue.

0 Karma

nicktaitano
Explorer

THANK YOU THIS RESOLVED OUR ISSUE.

Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...