Skip to main content
Question

Splunk Integration - SSL Error


Forum|alt.badge.img+2

Hello, 

 

I've been using the Splunk intergration for some time now but the last week or so it is now complaining that it cant verify the SSL when attempting to connect to our Jamf Instance. Nothing has changed in terms of configuration. Looking at various documentation and things in github, it says there was a feature added some time ago to allow connections to instances with invalid certificates. To be sure, the certificate is valid but I cant get our Splunk to connect to it. 

 

Has any one had this sort of issue? Is there a way to tell the jamf add on not to verify SSL? 

 

The specific error that i get is

[SSL: CERTIFICATE_VERIFY_FAILED]

2 replies

AJPinto
Forum|alt.badge.img+26
  • Legendary Contributor
  • 2717 replies
  • June 11, 2024

The issue is not likely the TLS certificate, I would wager some firewall rule or TLS redirection your environment has in place is causing problems. 

As far as I am aware the invalid certificate setting in Jamf is just for device management, you would add a root cert that would also install on devices to trust the invalid Jamf cert to allow enrollment. This would not have anything to do with an API Intergration with Splunk. I cannot speak for Splunk side settings and configurations. 


Forum|alt.badge.img+2
  • Author
  • New Contributor
  • 1 reply
  • June 14, 2024

Hello, 

 

this turned out to be Splunk having its on CA store and the new certificate that was issued to our Jamf instance was missing a root/intermediate cert in said CA store. Once i updated this store it started working again. 

thanks for the help


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings