
Splunk Addon SSL Certificate Checker / non-splunk certs

tke_lc_2
Engager

Dear Michael (@jkat54),

we successfully use your Splunk Addon SSL Certificate Checker Version 4.0.2 with the internal Splunk Certificates. Thank you for sharing.

Now we had the idea to also check some external certificates, meaning certs on the same server that are not Splunk certs.

Unfortunately, I can't get this up and running.

I tried to run the commands manually (see results below).

ssl_checker3 worked

ssl_checker2 failed

I configured the location manually and through the UI. It seems a Python module is missing, but I cannot find it. I am running a fresh install of Splunk 8.1 on a test system.

splunk@ultra:~/etc/apps/ssl_checker/bin$ python3 ssl_checker3.py

cert="/opt/splunk/etc/auth/cacert.pem" b'expires="Jan 28 20:26:54 2027 GMT\n'

cert="/opt/splunk/etc/auth/appsCA.pem" b'expires="Jan 28 12:00:00 2028 GMT\n'

cert="/opt/splunk/etc/auth/appsLicenseCA.pem" b'expires="Mar  8 12:00:00 2023 GMT\n'

cert="/opt/splunk/etc/auth/server.pem" b'expires="Nov  5 12:20:38 2023 GMT\n'

cert="/opt/splunk/etc/auth/splunkweb/cert.pem" b'expires="Nov  5 12:20:40 2023 GMT\n'

 

So if Python is installed on the system, we can also use the app on a UF. That's fine! 😉

 

splunk@ultra:~/etc/apps/ssl_checker/bin$ python3 ssl_checker2.py

Traceback (most recent call last):

  File "ssl_checker2.py", line 19, in <module>

    import splunk.mining.dcutils as dcu

ModuleNotFoundError: No module named 'splunk'

Okay, the Splunk Python modules are missing. When I run it with the Splunk internal Python, it shows me the following.

splunk@ultra:~/etc/apps/ssl_checker/bin$ /opt/splunk/bin/python3 ssl_checker2.py

'str' object has no attribute 'decode'

The config files look like this:

splunk@ultra:~/etc/apps/ssl_checker/bin$ cat ../local/ssl.conf

[SSLConfiguration]

disabled = 0

certPaths = /cribl/local/cribl/auth/server.pem

 

splunk@ultra:~/etc/apps/ssl_checker/bin$ cat ../local/inputs.conf

[script://./bin/ssl_checker2.py]

disabled = 0

 

[script://./bin/ssl_checker3.py]

disabled = 0

splunk@ultra:~/etc/apps/ssl_checker/bin$

 

So the problem seems to be with the script "ssl_checker2.py" and the error: "'str' object has no attribute 'decode'"

Do you have an idea what could be going wrong and how we could track that down? Your help would be really appreciated.

Kind Regards

Thilo

1 Solution

tke_lc_2
Engager

Since there was no reply, we simply added a scripted input to work around this. It works as expected.

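# Read the certPaths value from ssl.conf (first 10 comma-separated entries) and print each expiry date
for cert in $(grep certPaths /opt/splunkforwarder/etc/apps/ssl_checker/local/ssl.conf | cut -d "=" -f2 | cut -d "," -f 1-10 | tr "," " "); do
  # openssl prints "notAfter=<date>"; keep only the date
  expiry_date=$(/usr/bin/openssl x509 -in "$cert" -noout -enddate | cut -d"=" -f2)
  echo "cert=\"$cert\" expires=\"$expiry_date\""
done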

 

0 Karma
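
A more defensive variant of the scripted input in the solution above, as an added example that is not part of the original post or of the add-on: it tolerates spaces in the certPaths list, reports unreadable or unparsable files instead of emitting an empty date, and adds a status field using openssl's -checkend. The function names, the status field and the 30-day default are assumptions.

```shell
#!/bin/sh
# Added example; function names, status field and 30-day default are assumptions.

# Print one path per line from the certPaths setting of an ssl.conf-style file.
# Tolerates spaces around "=" and ",", skips commented-out lines.
cert_paths() {
    sed -n 's/^[[:space:]]*certPaths[[:space:]]*=[[:space:]]*//p' "$1" |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Emit one key="value" event for a certificate. $1 = path, $2 = warning window in days.
check_cert() {
    cert=$1
    warn_secs=$(( ${2:-30} * 86400 ))
    if [ ! -r "$cert" ]; then
        echo "cert=\"$cert\" status=\"unreadable\""
        return 0
    fi
    # openssl prints "notAfter=<date>"; a non-zero exit means the file is not a parsable cert.
    if ! enddate=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null); then
        echo "cert=\"$cert\" status=\"parse_error\""
        return 0
    fi
    # -checkend N exits 0 only if the cert is still valid N seconds from now.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        status=expired
    elif ! openssl x509 -in "$cert" -noout -checkend "$warn_secs" >/dev/null 2>&1; then
        status=expiring
    else
        status=ok
    fi
    echo "cert=\"$cert\" expires=\"${enddate#notAfter=}\" status=\"$status\""
}

# Check every path listed in the given conf file.
check_all() {
    cert_paths "$1" | while IFS= read -r path; do
        check_cert "$path" "${2:-30}"
    done
}

# When called with a conf path (e.g. as a scripted input wrapper), run the check.
if [ -n "${1:-}" ]; then
    check_all "$1" "${2:-30}"
fi
```

The status field lets a search alert on `status!=ok` without parsing the date string on the Splunk side.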
