Hi all, i have some problems with TA-Demisto for Splunk configuration.
On the Demisto Setup Page when i`m configure Demisto Host Name/IP Address and Api key , and after click on Save button i see an error message.
Encountered the following error while trying to update: In handler 'localapps': Error while posting to url=/servicesNS/nobody/TA-Demisto/demisto/demistocustomendpoint/demistoenv
Splunk instance works on amazon ec2 and demisto instance works on ec2 too. This two instances located in one VPC(one network) so i prefer to build communication using their local ip adresses.
Log message
2018-02-22 11:40:51,394 - DEMISTOSETUP - INFO - Auth key found
2018-02-22 11:40:51,396 - DEMISTOALERT - INFO - Using default value for verify= True
2018-02-22 11:40:51,433 - DEMISTOSETUP - ERROR - Exception while createing Test incident
Traceback (most recent call last):
File "/opt/splunk/etc/apps/TA-Demisto/bin/demisto_setup.py", line 104, in handleEdit
verify_cert = True)
File "/opt/splunk/etc/apps/TA-Demisto/bin/demisto_alert.py", line 217, in validate_token
r = requests.get(url = url, verify = True,allow_redirects = True, headers = headers)
File "/opt/splunk/lib/python2.7/site-packages/requests/api.py", line 55, in get
return request('get', url, **kwargs)
File "/opt/splunk/lib/python2.7/site-packages/requests/api.py", line 44, in request
return session.request(method=method, url=url, **kwargs)
File "/opt/splunk/lib/python2.7/site-packages/requests/sessions.py", line 456, in request
resp = self.send(prep, **send_kwargs)
File "/opt/splunk/lib/python2.7/site-packages/requests/sessions.py", line 559, in send
r = adapter.send(request, **kwargs)
File "/opt/splunk/lib/python2.7/site-packages/requests/adapters.py", line 382, in send
raise SSLError(e, request=request)
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:603)
Demisto can successfully connect to Splunk using SplunkPy in Settings-Integrations.
But Splunk can`t connect to Splunk.
Security groups configured good, so this instances can communicate with each other.
Hi @jackson_storm,
You are configuring using local IP but is this instance using self signed certificate? If Yes then you must configured the demisto app using the host name provided in self signed certificate.
Thanks
[root@ip-192-168-45-70 demisto]# curl -ku 'username:password' https://localhost:8089/servicesNS/nobody/TA-Demisto/configs/conf-demistosetup/demistoenv/ -d VALIDATE_SSL=false
<msg type="ERROR">Unauthorized</msg>
,I get the following error.
[root@ip-192-168-45-70 demisto]# curl -ku 'username:password' https://localhost:8089/servicesNS/nobody/TA-Demisto/configs/conf-demistosetup/demistoenv/ -d VALIDATE_SSL=false
<msg type="ERROR">Unauthorized</msg>
This question is nearly two years old with an accepted answer. Please post a new question describing your problem.
I ran into the same problem and had to disable CERT validation with the following command.
curl -ku 'username:password' https://localhost:8089/servicesNS/nobody/TA-Demisto/configs/conf-demistosetup/demistoenv/ -d VALIDATE_SSL=false
thanks - this worked for me !
@jackson_storm Were you able to get an update on the fix? I am facing the same issue
thanks!
Hi @jackson_storm,
You are configuring using local IP but is this instance using self signed certificate? If Yes then you must configured the demisto app using the host name provided in self signed certificate.
Thanks
Hi
We are also facing the same problem and we don't have self signed certificate. In that case what needs to do?