FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
vschmitt_FTNT
Article Id 341848
Description

This article describes how to fix the SSL CERTIFICATE_VERIFY_FAILED error when configuring the Generic Log API Poller (HTTPS Advanced).

 

The Generic Log API Poller (HTTPS_Advanced) integration allows FortiSIEM to poll any server through an HTTPS API. If the polled server uses a non-default server certificate, the SSL connection requires that certificate to be trusted. If the server is not trusted, the poller's Python script (genericHttpApiPoller.py) outputs the following error:

 

failed (Generic HTTP API Failed due to general error, failed to get events. Reason: HTTPSConnectionPool(host='example.host.name', port=443): Max retries exceeded with url: /connect/token (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)')))

Scope

FortiSIEM.

Solution

To be able to communicate with the third-party server, the FortiSIEM needs to know where to find the server's certificate.
  • Locate the trusted certificate inventory file.

 

Open an SSH session on the FortiSIEM.
Launch the Python interpreter:


python
>>> import certifi
>>> certifi.where()
'/usr/local/lib/python3.9/site-packages/certifi/cacert.pem'
>>> quit()

 

The second step is to declare cacert.pem in genericHttpApiPoller.py:

  • Make a backup version of the file /opt/phoenix/bin/genericHttpApiPoller.py.
  • In genericHttpApiPoller.py, locate the line regarding ssl_cert_check and make it refer to cacert.pem:


# If we need to verify ssl_cert_check: use the cacert.pem file
# https://requests.readthedocs.io/en/latest/user/advanced/#ssl-cert-verification
if self.ssl_cert_check:
    self.ssl_cert_check = "/usr/local/lib/python3.9/site-packages/certifi/cacert.pem"

 

As explained at https://requests.readthedocs.io/en/latest/user/advanced/#ssl-cert-verification, the verify parameter of the requests library takes either a boolean (such as verify=False) or the path to a certificate file.

The script should now verify the server's certificate against the CA bundle, and the connection should succeed.
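A pre-check for the value the modified line passes to requests, as an added example (not part of genericHttpApiPoller.py or any Fortinet code). It confirms that the bundle exists and contains certificates and, on the assumption that the polled server's issuing CA has to be present in that bundle for verification to succeed, that the CA is there. The names resolve_verify, pem_fingerprints and fake_pem are hypothetical, and the sample bundle is constructed.

```python
import base64
import hashlib
import os
import re
import tempfile

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_fingerprints(pem_text):
    """SHA-256 fingerprint of each certificate block found in pem_text."""
    return {
        hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
        for body in PEM_RE.findall(pem_text)
    }


def resolve_verify(ssl_cert_check, bundle_path, server_ca_pem=None):
    """Value for requests' verify=: False when checking is off, else a vetted bundle path."""
    if not ssl_cert_check:
        return False
    if not os.path.isfile(bundle_path):
        raise FileNotFoundError(f"CA bundle not found: {bundle_path}")
    with open(bundle_path, encoding="utf-8", errors="replace") as fh:
        trusted = pem_fingerprints(fh.read())
    if not trusted:
        raise ValueError(f"no certificates in {bundle_path}")
    if server_ca_pem is not None:
        # Assumption: the server's issuing CA must be in the bundle to verify.
        wanted = pem_fingerprints(server_ca_pem)
        if not wanted or not wanted <= trusted:
            raise ValueError("server CA is not in the bundle; verification would still fail")
    return bundle_path


def fake_pem(label):
    """Constructed stand-in for a certificate: PEM armor around arbitrary bytes."""
    body = base64.b64encode(label.encode()).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        bundle = os.path.join(tmp, "cacert.pem")  # constructed bundle, not certifi's
        with open(bundle, "w") as fh:
            fh.write(fake_pem("public-root") + fake_pem("internal-ca"))
        print(resolve_verify(True, bundle, fake_pem("internal-ca")))
```

On the appliance, bundle_path would be the path returned by certifi.where() and server_ca_pem the PEM text of the CA that signed the polled server's certificate.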