Solved: Disable SSL validation Tenable add-on

splunk_kk · ‎05-15-2018

Hi Team,

We are using certificates on our Tenable Security Center and have disabled SSL validation in splunk under tenable add-on. The config we have done is as below:

[tenable_sc_settings]
disable_ssl_certificate_validation = 1

Just wanted to know if it only disables the verification of identity of the server and the encryption still occurs? or is it something more than that?

Thanks!

xpac · ‎05-16-2018

Disabling SSL Certificate validation (in almost any product) usually means, do not:

Check if hostname and certificate SAN match
Check if the CA that issued the certificate is trusted
Check if the certificate has expired or has been revoked

Actually, it means "Do encryption, but don't care at all about who is on the other side - if the other side supports encryption, encrypt it."

View solution in original post

xpac · ‎05-16-2018

Disabling SSL Certificate validation (in almost any product) usually means, do not:

Check if hostname and certificate SAN match
Check if the CA that issued the certificate is trusted
Check if the certificate has expired or has been revoked

Actually, it means "Do encryption, but don't care at all about who is on the other side - if the other side supports encryption, encrypt it."

Disable SSL validation Tenable add-on

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...