I recently upgraded Splunk and Security Essentials. After the upgrade I followed @Christoph_vW's instructions and I am not seeing any errors. ... View more

Yeah definitely seems weird. Maybe because Firefox is open source? Just guessing though 🙂 ... View more

They have a pre-defined list of acceptable CAs that you can't modify. I believe it is a list approved or created by Mozilla. ... View more

@PickleRick In case you are interested this is the only solution I found for my issue. So short story ... There is an issue with python3 that it can't/won't respect self signed certs, there is no workaround to make it recognize your CA. You can create a unique SSL context in each of the SSE config files that don't check SSL Steps: (reference:https://stackoverflow.com/questions/27835619/urllib-and-ssl-certificate-verify-failed-error?page=1&tab=scoredesc#tab-top) cd /opt/splunk/etc/apps/Splunk_Security_Essentials/bin grep -r "urlopen(request)" /opt/splunk/etc/apps/Splunk_Security_Essentials/bin In each config file that has a urlopen command you need to modify the following: At the top of the file: import ssl context = ssl._create_unverified_context() At each urlopen line (search in vi using /urlopen) add context=context like this: urlopen(request, context=context) Re-run the grep command to make sure you have modified everything. As you noted above with all these edits we won't be able to update SSE unless we then go through this process again after updating, but unless Python changes how they do SSL verification we don't really have a choice. Thanks again for your assistance in pointing me in the right direction.       ... View more

I think I found some of the code in SSE that is making the URL request.  Would anyone be able to help me identify where I could pass a "verify=false" flag? base_url = "https://" + getConfKeyValue('web', 'settings', 'mgmtHostPort') request = six.moves.urllib.request.Request(base_url + '/services/pullJSON?config=data_inventory', headers={'Authorization': ('Splunk %s' % self.sessionKey)}) search_results = six.moves.urllib.request.urlopen(request) ... View more

Thanks for your reply @PickleRick. Can you provide any direction on where in the SSE config files I would need to add "verify_certificate": False to stop the app from checking the cert? I am aware this isn't ideal but I am not finding any information on making Splunk respect my CA cert that I have added to the OS ca cert file. Thanks, ... View more

Does anyone have any thoughts on what the issue might be? Any other information I can provide to help diagnose? ... View more

Hi @scelikok and @PickleRick, I don't have the "Splunk Enterprise Security Content Update" app and we have a pretty basic setup. One search head and one indexer. One thing I was seeing some information about was self signed certs potentially causing this error. We have a DNS entry that we are using and have a certificate in place that is signed by our internal CA. Again everything is working as expected in Splunk with no certificate errors, but SSE seems to not work.  When I go to the Data Inventory Overview I get this error, but I thought it was maybe because I just wasn't able to add any content because that page is broken as well. Please let me know what other details I can provide to help diagnose. Thanks! ... View more