Some problems with TA_Demisto configuration

jackson_storm
Explorer

Hi all, I have some problems with the TA-Demisto for Splunk configuration.

On the Demisto Setup Page, when I configure the Demisto Host Name/IP Address and API key and then click the Save button, I see an error message.

Encountered the following error while trying to update: In handler 'localapps': Error while posting to url=/servicesNS/nobody/TA-Demisto/demisto/demistocustomendpoint/demistoenv

The Splunk instance works on Amazon EC2 and the Demisto instance works on EC2 too. These two instances are located in one VPC (one network), so I prefer to build communication using their local IP addresses.

Log message

2018-02-22 11:40:51,394 - DEMISTOSETUP - INFO - Auth key found
2018-02-22 11:40:51,396 - DEMISTOALERT - INFO - Using default value for verify= True
2018-02-22 11:40:51,433 - DEMISTOSETUP - ERROR - Exception while createing Test incident
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/TA-Demisto/bin/demisto_setup.py", line 104, in handleEdit
    verify_cert = True)
  File "/opt/splunk/etc/apps/TA-Demisto/bin/demisto_alert.py", line 217, in validate_token
    r = requests.get(url = url, verify = True,allow_redirects = True, headers = headers)
  File "/opt/splunk/lib/python2.7/site-packages/requests/api.py", line 55, in get
    return request('get', url, **kwargs)
  File "/opt/splunk/lib/python2.7/site-packages/requests/api.py", line 44, in request
    return session.request(method=method, url=url, **kwargs)
  File "/opt/splunk/lib/python2.7/site-packages/requests/sessions.py", line 456, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/splunk/lib/python2.7/site-packages/requests/sessions.py", line 559, in send
    r = adapter.send(request, **kwargs)
  File "/opt/splunk/lib/python2.7/site-packages/requests/adapters.py", line 382, in send
    raise SSLError(e, request=request)
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:603)

Demisto can successfully connect to Splunk using SplunkPy in Settings-Integrations.
But Splunk can't connect to Splunk.
Security groups are configured correctly, so these instances can communicate with each other.

0 Karma
1 Solution

kamlesh_vaghela
SplunkTrust

Hi @jackson_storm,

You are configuring using the local IP, but is this instance using a self-signed certificate? If yes, then you must configure the Demisto app using the host name provided in the self-signed certificate.

Thanks

0 Karma
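
The accepted answer turns on which names the Demisto server's certificate covers. The following is an added example, not part of the thread or of TA-Demisto: it checks a configured host against a certificate's subjectAltName entries and flags a self-signed certificate. The sample certificate, host name, IP address and function names are constructed for illustration, and matching on subjectAltName only is an assumption.

```python
import ipaddress

# Constructed sample in the dict shape of ssl.SSLSocket.getpeercert();
# the host name is made up for this example.
SAMPLE_CERT = {
    "subject": ((("commonName", "demisto.example.internal"),),),
    "issuer": ((("commonName", "demisto.example.internal"),),),
    "subjectAltName": (("DNS", "demisto.example.internal"),),
}

def dns_match(pattern, host):
    """Compare one DNS SAN entry to a host; '*' may only be the whole first label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def covered_names(cert):
    """Return (dns_names, ip_addresses) listed in subjectAltName."""
    sans = cert.get("subjectAltName", ())
    return ([v for k, v in sans if k == "DNS"],
            [v for k, v in sans if k == "IP Address"])

def name_matches(cert, host):
    """True if the configured host (DNS name or IP literal) is covered by the SANs."""
    dns, ips = covered_names(cert)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # not an IP literal, so compare as a DNS name
        return any(dns_match(d, host) for d in dns)
    return any(ipaddress.ip_address(i) == addr for i in ips)

def diagnose(cert, host):
    """List what has to change before verify=True can succeed for this host."""
    findings = []
    if cert.get("subject") == cert.get("issuer"):
        findings.append("self-signed: add the certificate to the client's CA bundle")
    if not name_matches(cert, host):
        dns, ips = covered_names(cert)
        findings.append("name mismatch: configure one of " + ", ".join(dns + ips))
    return findings

if __name__ == "__main__":
    for host in ("10.0.1.25", "demisto.example.internal"):  # constructed values
        print(host, "->", diagnose(SAMPLE_CERT, host) or "ok")
```
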

ewitkop
New Member

I get the following error.

[root@ip-192-168-45-70 demisto]# curl -ku 'username:password' https://localhost:8089/servicesNS/nobody/TA-Demisto/configs/conf-demistosetup/demistoenv/ -d VALIDATE_SSL=false

<msg type="ERROR">Unauthorized</msg>
0 Karma

richgalloway
SplunkTrust

This question is nearly two years old with an accepted answer. Please post a new question describing your problem.

---
If this reply helps you, Karma would be appreciated.
0 Karma

206103593
Engager

I ran into the same problem and had to disable CERT validation with the following command.

curl -ku 'username:password' https://localhost:8089/servicesNS/nobody/TA-Demisto/configs/conf-demistosetup/demistoenv/ -d VALIDATE_SSL=false

ahartge
Path Finder

Thanks - this worked for me!

0 Karma

amat
Explorer

@jackson_storm Were you able to get an update on the fix? I am facing the same issue

thanks!

0 Karma

rajmcse04
Engager

Hi

We are also facing the same problem and we don't have a self-signed certificate. In that case, what needs to be done?
