All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I getting a "SSL: CERTIFICATE_VERIFY_FAILED" error despite having valid certificates in Splunk Add-on for Tenable?

yarick
Path Finder
‎08-28-2018 09:36 AM

Add-on is configured to obtain data from Tenable nessusd (Nessus) 7.1.3 [build M20120] for Linux

Error in logs

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed.

SSL Connection test

New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : AES128-SHA
Session-ID:
Session-ID-ctx:
Master-Key: EFB3E32FE3292430D26CE3BE6B5DF3FB9D6ECE9922687B0ECD51A7B82A31B11342F43CD30A1671FFCE030AE4D047B381
Start Time: 1535474072
Timeout : 300 (sec)
Verify return code: 0 (ok)

Certificate Authority used for this connection - Lets Encrypt

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

yarick
Path Finder
‎08-28-2018 10:09 AM

Let's Encrypt was not listed in the cert. Store for the Add-on.

I updated the list with this command = cat /etc/ssl/certs/ca-bundle.crt >> /opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/cacerts.txt

There may be a solution that is more elegant. For example, to ship updated version of the library, or rely on system libraries. But, that is a much larger discussion.

SSL Certificate is validated by the Add-on and operating as expected. This solved my issue.

View solution in original post

Reply
Solved! Jump to solution

bharathnetskope
Observer
‎04-04-2022 06:38 PM

@yarick This did not solve my problem , is there any way we can disable SSL ? 

0 Karma
Reply
Solved! Jump to solution

yarick
Path Finder
‎04-05-2022 11:58 AM

@bharathnetskope- If you have access to the Tenable Support Portal, there should be a spec. That describes if that is supported. It was not in the version of SC I was using.

0 Karma
Reply
Solved! Jump to solution

VijaySrrie
Builder
‎03-30-2022 11:02 PM

@yarick I see the same error with the app --->  https://splunkbase.splunk.com/app/5677/

Please let me know how to fix it

0 Karma
Reply
Solved! Jump to solution

yarick
Path Finder
‎04-05-2022 11:56 AM

@VijaySrrie- I have not used this particular app, the same should apply -

Check if your app is providing a cacerts bundle OR update version of the same provided on a system-wide level (OS not Splunk).

 

0 Karma
Reply
Solved! Jump to solution
Solution

yarick
Path Finder
‎08-28-2018 10:09 AM

Let's Encrypt was not listed in the cert. Store for the Add-on.

I updated the list with this command = cat /etc/ssl/certs/ca-bundle.crt >> /opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/cacerts.txt

There may be a solution that is more elegant. For example, to ship updated version of the library, or rely on system libraries. But, that is a much larger discussion.

SSL Certificate is validated by the Add-on and operating as expected. This solved my issue.

Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...