Help

Splunk Integration - SSL Error

damo66a
New Contributor

3 weeks ago

Hello, 

 

I've been using the Splunk intergration for some time now but the last week or so it is now complaining that it cant verify the SSL when attempting to connect to our Jamf Instance. Nothing has changed in terms of configuration. Looking at various documentation and things in github, it says there was a feature added some time ago to allow connections to instances with invalid certificates. To be sure, the certificate is valid but I cant get our Splunk to connect to it. 

 

Has any one had this sort of issue? Is there a way to tell the jamf add on not to verify SSL? 

 

The specific error that i get is

[SSL: CERTIFICATE_VERIFY_FAILED]

0 Kudos
2 REPLIES 2

AJPinto
Honored Contributor II

3 weeks ago

The issue is not likely the TLS certificate, I would wager some firewall rule or TLS redirection your environment has in place is causing problems. 

As far as I am aware the invalid certificate setting in Jamf is just for device management, you would add a root cert that would also install on devices to trust the invalid Jamf cert to allow enrollment. This would not have anything to do with an API Intergration with Splunk. I cannot speak for Splunk side settings and configurations. 

damo66a
New Contributor

2 weeks ago

Hello, 

 

this turned out to be Splunk having its on CA store and the new certificate that was issued to our Jamf instance was missing a root/intermediate cert in said CA store. Once i updated this store it started working again. 

thanks for the help

0 Kudos