Re: HEC Token/AWS lambda error

Omarop · ‎06-06-2019

Hello,

I have created a Http Event Collector token for a user. He is using a AWS lambda function in order to access the SPLUNK_HEC_URL and he is receiving the following error:

error0407006A:rsa routines: RSA_padding_check_PKCS1_type_1:invalid padding:../deps/openssl/openssl/cryp
error:04067042:rsa routines: RSA_EAY_PUBLIC_DECRYPT: padding check failed: ../dep/openssl/crypto/rsa/rsa_eay.c: 693:"
error:14000D04B: SSL routines: SSL routines : ssl3_get_key_exchange : bad signature: ../deps/openssl/openssl/ssl/s4_
"_errnoException (util.js : 1022 : 11)"

Has anyone come across this issue before? And if so, can you please assist?

rafael_szt · ‎06-06-2019

What language is he using? Try disabling SSL certificate validation on the request to Splunk.

Omarop · ‎06-07-2019

He is using json. No I have not, how and where do you disable the SSL certificate?

rafael_szt · ‎06-07-2019

Hmm, json is not a programming language, rereading your original error I believe it's NodeJS. So he could do the following in his code:

Add

process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;

in code, before calling https.request()

https://stackoverflow.com/questions/10888610/ignore-invalid-self-signed-ssl-certificate-in-node-js-w...

HEC Token/AWS lambda error

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio