Security

Splunk .NET SDK, Steps for connecting to Splunk instance using SSL (https)

somesoni2
SplunkTrust
SplunkTrust

Hi All,

I have just started working with Splunk C# SDK. I have a local Splunk instance which is not using SSL and I am able to connect to it (and get list of application, for test) using following code.

ServiceArgs svcArgs = new ServiceArgs();
svcArgs.App = "search";
svcArgs.Host = "myhost";
svcArgs.Port = 8089;
splunkService = new Service(svcArgs);             
splunkService.Login("username", "password");
foreach (var app in splunkService.GetApplications())
{
MessageBox.Show(app.Label);
}

However, When I try to use the same code with a splunk instance configured with SSL, I get following error (which I do expect as I am not setting any property to use SSL).

The request was aborted: Could not create SSL/TLS secure channel.

I couldn't find any good doc with steps required to make this code to connect to a SSL Splunk, but I tried to add this before "splunkService.Login" stmt.

splunkService.Scheme = HttpService.SchemeHttps;

Now I get this error:

The underlying connection was closed: An unexpected error occurred on a send.

Could anyone give me pointers on what I need to do to be able to connection Splunk with SSL?

Thanks in advance.

Tags (3)
0 Karma
1 Solution

ywu_splunk
Splunk Employee
Splunk Employee

Regarding to SSL client certificate, unfortunately, the SDK currently does not support SSL client certificate. If you'd like, you may clone the SDK github repository and make a modification. You wound need to change the following function in HttpService.cs, and supply your client certificate by HttpWebRequest.ClientCertificates.

View solution in original post

ywu_splunk
Splunk Employee
Splunk Employee

Regarding to SSL client certificate, unfortunately, the SDK currently does not support SSL client certificate. If you'd like, you may clone the SDK github repository and make a modification. You wound need to change the following function in HttpService.cs, and supply your client certificate by HttpWebRequest.ClientCertificates.

ywu_splunk
Splunk Employee
Splunk Employee

What do you mean by 'do telnet on port 8089'? Did you provision a telnet server on port 8089?

0 Karma

somesoni2
SplunkTrust
SplunkTrust

By the way I am able to do telnet on port 8089. Does it means the port is open in firewall?

0 Karma

somesoni2
SplunkTrust
SplunkTrust

I figured that too. I tried adding code in HttpService.cs -> Send method (I have one caCert file, one sslKeysfile and sslKeysfilePassword), tried different combinations but it failed with same error. I guess It may be related to firewall issue where port 8089 is not open. I will look into it and test again. Thanks for your help.

0 Karma

ywu_splunk
Splunk Employee
Splunk Employee

To isolate the problem, please access the SSL endpoint under a browser, with https://myhost:8089. What do you get?

0 Karma

ywu_splunk
Splunk Employee
Splunk Employee

Yes, you can use SDK to connect to a remote Splunk server. You need to make sure the port is not blocked by the firewall.

0 Karma

somesoni2
SplunkTrust
SplunkTrust

Also, can anyone confirm if application created using SDK can be executed from a remote server (which I believe be the case) or it has to be executed from the same server where splunk you're connecting is installed?

0 Karma

somesoni2
SplunkTrust
SplunkTrust

My Splunk server does require SSL client certificate (one caCertFile and one sslKeysfile is being used. And this is the first error that I get when using from browser.

0 Karma

ywu_splunk
Splunk Employee
Splunk Employee

Does your Splunk server require SSL client certificate to connect?

Is it the first error you got?

You may want to talk to your network administrator or Splunk server admin for advice.

Let me know if you have additional information and would like my help further.

0 Karma

somesoni2
SplunkTrust
SplunkTrust

I get following error

An error occurred during a connection to myhost:8089. SSL peer was unable to negotiate an acceptable set of security parameters. (Error code: ssl_error_handshake_failure_alert)

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...