My situation is this: I am manually verifying the Splunk instance's server cert to my client application. I create a new httpclient wrapper with this method. Can someone explain to me exactly what I am to do? My guess is that 1. there is no IP address designated as the CA, 2. some config file is screaming out, 3. no idea.
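    import (
        "crypto/tls"
        "crypto/x509"
        "errors"
        "net/http"
    )

    // SplunkPEM holds the PEM-encoded Splunk server certificate (elided here).
    const SplunkPEM = `---BEGIN...jsldfjklsd---END`

    // NewHttpClient returns a client that trusts only the certificate in SplunkPEM.
    func NewHttpClient() (*http.Client, error) {
        rootcas := x509.NewCertPool()
        ok := rootcas.AppendCertsFromPEM([]byte(SplunkPEM))
        if !ok {
            // Return nil, not http.DefaultClient, so a caller that ignores the
            // error cannot fall back to the system trust store.
            return nil, errors.New("failed to parse PEM")
        }
        conf := &tls.Config{
            MinVersion: tls.VersionTLS12,
            RootCAs:    rootcas,
            // Name the certificate is checked against instead of the URL host.
            ServerName: "SplunkServerDefaultCert",
        }
        tr := &http.Transport{TLSClientConfig: conf}
        client := &http.Client{Transport: tr}
        return client, nil
    }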
error 1: cannot validate certificate for 10.0.0.112 because it doesn't contain any IP SANs

So I tried changing:

    &tls.Config{
        ServerName: "SplunkServerDefaultCert",
    }

error 2: certificate is valid for SplunkServerDefaultCert, not splunk.com
error 3: certificate is not authorized to sign other certificates
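
An added example, not part of the original post: it runs the same `crypto/x509` name check that produces errors 1 and 2, against throwaway self-signed certificates generated in the code (constructed, not Splunk's), each trusted through a pool that contains only itself. The helper names `must`, `selfSigned` and `diagnose` are hypothetical, and current Go releases are assumed, which match only Subject Alternative Names and ignore the Common Name.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfSigned builds a constructed, throwaway self-signed certificate with the given SANs.
func selfSigned(dns []string, ips []net.IP) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "SplunkServerDefaultCert"},
		DNSNames: dns, IPAddresses: ips, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

// diagnose verifies cert against a pool holding only cert; host is the ServerName or URL host.
func diagnose(cert *x509.Certificate, host string) string {
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	if errors.As(err, new(x509.HostnameError)) {
		return "name mismatch" // host is not among the certificate's SANs
	} else if err != nil {
		return "other: " + err.Error()
	}
	return "ok"
}

func main() {
	cnOnly, withSANs := selfSigned(nil, nil), selfSigned([]string{"SplunkServerDefaultCert"}, []net.IP{net.ParseIP("10.0.0.112")})
	for _, h := range []string{"10.0.0.112", "SplunkServerDefaultCert", "splunk.com"} {
		fmt.Println(h, "| CN only:", diagnose(cnOnly, h), "| with SANs:", diagnose(withSANs, h))
	}
}
```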