- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- How to resolve Akamai Siem integration error with ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello!!
I'm trying to integrate Akamai with Splunk using the APP: https://splunkbase.splunk.com/app/4310 But when trying to configure, I get the error below:
"Encountered the following error while trying to save: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
Java was installed as required:
java -version
openjdk version "1.8.0_352"
OpenJDK Runtime Environment (build 1.8.0_352-b08)
OpenJDK 64-Bit Server VM (build 25.352-b08, mixed mode)
The APP was installed on my Splunk Enterprise(HeavyFowarder), the configuration was based on this document: https://techdocs.akamai.com/siem-integration/docs/siem-splunk-connector I imported the certificate into the Java path: keytool -importcert -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el7_9.x86_64/jre/lib/security/cacerts -storepass changeit -file certificate.crt Reference - https://stackoverflow.com/questions/21076179/pkix-path-building-failed-and-unable-to-find-valid-cert... Error in Log:
"01-13-2023 11:39:54.829 -0300 INFO SpecFiles - Found external scheme definition for stanza="TA-Akamai_SIEM://" from spec file="/opt/splunk/etc/apps/TA-Akamai_SIEM/README /inputs.conf.spec" with parameters="hostname, security_configuration_id_s_, client_token, client_secret, access_token, initial_epoch_time, final_epoch_time, limit, log_level, proxy_host, proxy_port"
01-13-2023 11:39:55.241 -0300 INFO ModularInputs - Introspection setup completed for scheme "TA-Akamai_SIEM".
01-13-2023 11:42:07.678 -0300 WARN ModularInputs - Argument validation for scheme=TA-Akamai_SIEM failed: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification target path to requested
01-13-2023 11:42:29.337 -0300 WARN ModularInputs - Argument validation for scheme=TA-Akamai_SIEM failed: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification target path to requested"
I don't use proxy... Does anyone have a light? I'm losing hope of doing this integration! Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello!
I rolled back the SIEM Integration add-on version to 1.4.15 and it worked. You still need to add the akamai certificate to your JRE's cacerts (I'm using 1.9) and see if your Splunk accesses the AKAMAI endpoint URL. Hope this helps!
Add-on url:
Akamai SIEM Integration | Splunkbase
Session Version History
Access the host url using browser (like https://akab-xxxxxx.luna.akamaiapis.nt) and dowload the certificate. Follow the procedure to input the certificate inside cacerts. My example:
keytool --importcert -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_7.x86_64/jre/lib/security/cacerts -storepass changeit -file /opt/splunk/etc/auth/mycert/root.crt -alias "rhel-root"
Regardless of the JRE version, or cacerts will always be in xxxxx/jre/lib/security/cacerts
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello!
I tested it on version 1.4.15, now it's working normally.
Thank you all for your help.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you create and install a valid certificate on your Splunk?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello.
No, I haven't tried that.
Did you test it that way?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello!
I rolled back the SIEM Integration add-on version to 1.4.15 and it worked. You still need to add the akamai certificate to your JRE's cacerts (I'm using 1.9) and see if your Splunk accesses the AKAMAI endpoint URL. Hope this helps!
Add-on url:
Akamai SIEM Integration | Splunkbase
Session Version History
Access the host url using browser (like https://akab-xxxxxx.luna.akamaiapis.nt) and dowload the certificate. Follow the procedure to input the certificate inside cacerts. My example:
keytool --importcert -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_7.x86_64/jre/lib/security/cacerts -storepass changeit -file /opt/splunk/etc/auth/mycert/root.crt -alias "rhel-root"
Regardless of the JRE version, or cacerts will always be in xxxxx/jre/lib/security/cacerts
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just ran into this issue and as an easy alternative you can also add:
disable_splunk_cert_check = true
to every input you have under the stanza. It is mentioned in their guide but for some reason they did not include it in the GUI option like they suggest it is there.
https://techdocs.akamai.com/siem-integration/docs/siem-splunk-connector
Yet another case where companies think software engineers can be SE's and tech writers.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have the same problem. I tried the same thing as you and I didn't succeed either. I use an HF onpremises and the rest of the environment in Splunk Cloud. I have two customers waiting for integration with Akamai and both have the same problem...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Having same issue.
Splunk 9.0.3
OpenJDK 1.8.0
Akamai app 1.4.17
Tried adding the host url cert to cacerts, restarted splunk, but no change, still fails with error
Encountered the following error while trying to update: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Not sure what to try next. Might try downgrading to 1.4.15 as time allows.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try to downgrade the add-on. Did you follow the procedure to add the akamai certificate to the JRE cacerts?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Downgraded to 1.4.15 and got it working again. Also tried downgrading to 1.4.16, but it did not work.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, also added the intermediate cert and tried adding the ca cert, but the ca cert was already in the store. Rebooted the search head and tried creating a new data input, but I get the same error.
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
