The App ignores the SSL certs in the OS because it doesn't use the OS's python. It uses Splunk's built-in python for everything, so the CA cert would have to be trusted inside Splunk python. Unfortunately I don't know any way to trust certs in Splunk's python, but maybe Splunk support can help with this?
Right now there isn't an option to disable cert verification in the App because it would fail the security checks in Splunk's certification process.
So, I suggest to solve the problem one of two ways:
RECOMMENDED: Use a cert that is trusted by Splunk's built-in python.
Disabled cert validation by modifying the MineMeld modular input. To do this, edit the file $SPLUNK_HOME/etc/apps/Splunk_TA_paloalto/bin/input_module_minemeld_feed.py .
In the get_feed_entries() method, find the line that reads:
resp=helper.send_http_request(
url=feed_url,
method='GET',
parameters={'v': 'json', 'tr': 1},
headers=feed_headers)
Insert this line between the parameters line and headers line:
verify=False,
Note that it must be indented the same as the lines around it, and must end with a comma.
We'll try to make this modification easier in a future version. Thanks for your feedback.
... View more