ashah-splunk
commented
1 year ago Hi @jrobins04 sorry for the delay in the response. We are working on a feature to enable passing and validation of SSL certificate. Once we have the feature fully developed and merged, will publish a new SDK release with the feature. Will keep you updated for the same.
ihor-sokoliuk-exa
I am looking for guidance around SSL certificates for talking to Splunk for an app (data input) implemented using your Java SDK. We have an app currently available in splunkbase: https://classic.splunkbase.splunk.com/app/4310/ implemented using the splunk-sdk-java.
When users of our app tries to
validateInputorstreamEvents, they see the errorPKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Looks like this happens because the certificate presented by their local splunk instance cannot be validated by the splunk-sdk-java code as it in not present in their local trust store.The present workaround we suggest to our customers, is to manually export this cert and import it into their local java cacerts store. This is not always practical, as the location of truststore can vary for each customer and also in case of splunk cloud, customer would need to contact splunk support to make this change as they don't have access to the actual machines.
I see there are multiple open similar issues: https://github.com/splunk/splunk-sdk-java/issues/209, https://github.com/splunk/splunk-sdk-java/issues/204, https://github.com/splunk/splunk-sdk-java/issues/185
Also, we do not want the
setValidateCertificatesset tofalse-> https://docs.splunk.com/DocumentationStatic/JavaSDK/1.9.4/com/splunk/HttpService.html#validateCertificatesFor PROD environment, TRUE is strongly recommended, whereas working in localhost OR development environment, FALSE is used.Do you have any workarounds or possible solution for this issue? Any help would be appreciated.