Notifications

184 views

Symptoms

When you click on  Event Action button in Splunk, you will see connectivity error with [SSL: Certificate_verify_Failed]

 

command=" ", Unable to connect to ServiceNow. Error: Traceback (most recent call last): File "/opt/splunk/etc/apps/TA-ServiceNow-SecOps/bin/sn_connect.py", line 42, in postData return requests.post(url, auth=(user, pwd), headers=headers, data=dataValues) File "/opt/splunk/lib/python2.7/site-packages/requests/api.py", line 88, in post return request('post', url, data=data, **kwargs) File "/opt/splunk/lib/python2.7/site-packages/requests/api.py", line 44, in request return session.request(method=method, url=url, **kwargs) File "/opt/splunk/lib/python2.7/site-packages/requests/sessions.py", line 456, in request resp = self.send(prep, **send_kwargs) File "/opt/splunk/lib/python2.7/site-packages/requests/sessions.py", line 559, in send r = adapter.send(request, **kwargs) File "/opt/splunk/lib/python2.7/site-packages/requests/adapters.py", line 382, in send raise SSLError(e, request=request) SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:741)

Environment

ServiceNow Splunk Add-on, SecOps Add-on (3921)

Cause

Splunk contains its own Python environment, that is different than the host’s Python environment (for both Windows and Linux installs)
ServiceNow's current Splunk Add-on, ServiceNow SecOps Add-on (3921) - leverages a Python script to handle the connect command, to talk to ServiceNow
This Python script leverages the Splunk Python instance that explicitly trusts certain SSL CA Certs (local to Splunk’s Python environment)

Customers with ServiceNow leveraging internally issued SSL certificates (non-public) will need to have Splunk trust this certificate (or the Certificate Authority that issued the certificate), so that they can successfully use the SN SecOps Add-on (3921).

Resolution

We need to update the Splunk Install Directory

Splunk Install Directory:

/opt/splunk/etc/apps/TA-ServiceNow-Secops/bin

 

File that needs to Modified:

/opt/splunk/etc/apps/TA-ServiceNow-Secops/bin/sn_connect.py

 

Then Adjust Line 40 and 42 of "sn_connect.py" python script to either

1) Ignore SSL verification

2) Create n new directory, Store CA certs in Directory, code path to the directory

Reference : https://stackoverflow.com/questions/30405867/how-to-get-python-requests-to-trust-a-self-signed-ssl-certificate

 

 

Article Information

Last Updated:2019-05-21 11:54:03
Published:2019-03-11