Security

Splunk TA won't download data from cloud server since SSL decryption -- how to "trust" the firewall cert?

NathanDLee
Observer

On Splunk Enterprise 9.0.4, we are using the Proofpoint Isolation TA to download Isolation data into Splunk from the Proofpoint Isolation cloud.  However, when we activated SSL decryption on the URLs at our firewall for other necessary reasons, the TA stopped working, giving these errors in the logs:

 

2024-01-09 19:09:52,554 WARNING pid=9240 tid=MainThread file=connectionpool.py:urlopen:811 | Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)'))': /api/v2/reporting/usage-data?from=2023-11-29T01%3A17%3A33.000&to=2024-01-10T01%3A09%3A52.188&pageSize=10000


2024-01-09 19:09:52,657 ERROR pid=9240 tid=MainThread file=base_modinput.py:log_error:309 | Call to send_http_request failed: HTTPSConnectionPool(host='urlisolation.com', port=443): Max retries exceeded with url: /api/v2/reporting/usage-data?from=2023-11-29T01%3A17%3A33.000&to=2024-01-10T01%3A09%3A52.188&pageSize=10000 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))

The error makes sense, since it's not (yet) a "trusted root" cert for this Splunk instance.

How do I properly configure Splunk (or, perhaps, the Python client) to recognize this firewall root certificate as valid, or at the very least to stop validating the certificates provided by the outside server.  The latter would be my least-preferred choice, obviously.

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...

Secure Your Future: Mastering Upgrade Readiness for Splunk 10

Spotlight: The Splunk Health Assistant Add-On  The Splunk Health Assistant Add-On is your ultimate companion ...

Observability Unlocked: Kubernetes & Cloud Monitoring with Splunk IM

Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team on ...