https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178004#M17361 <P>No for the following causes:<BR /> 1- because there is no mention of it on the Installation steps ( <A href="http://docs.splunk.com/Documentation/AddOns/latest/JMX/Installationsteps">http://docs.splunk.com/Documentation/AddOns/latest/JMX/Installationsteps</A>)<BR /> 2- The only point of conflict is the variable in question: requireClientCert = true (if it is set to off, the app starts working).</P> <P>For me it is pretty clear that some improvement is due on this App.</P> Mon, 03 Aug 2015 14:27:02 GMT DimasSouza 2015-08-03T14:27:02Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/177998#M17355 <P>Hello Community,</P> <P>since I enabled the setting "requireClientCert = true" on our server.conf files the App "Splunk_TA_jmx" just stopped working. I pasted the error messages at the end.<BR /> Once the setting is returned to "false" the app starts working again.<BR /> We are using selfsigned Certificates on our Splunk to Splunk communications, apart from this App, all other connections are working perfectly with requireClientCert = true .</P> <P>I even tried generating the file mx4j.ks. No success. <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> <P>I seems the App internal connection to splunk are being blocked, but I can't find a way to provide it with out certificates.</P> <P>Any recommendation? Is it a bug?</P> <P>We are running on SLES 11, Splunk 6.2.2 build 255606. Splunk Add-on for Java Management Extensions 3.0.0 (sandbox version is 3.0.1) and Oracle Java 1.8.</P> <P>Thanks in advance,<BR /> Dms</P> <PRE><CODE>on splunkd.log 06-26-2015 15:09:37.491 +0200 WARN HttpListener - Socket error from 127.0.0.1 while idling: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate on jmx.log 2015-06-26 14:26:09,630 - com.splunk.modinput.ModularInput -0 [main] ERROR - Error executing modular input : Received fatal alert: handshake_failure : java.lang.RuntimeException: Received fatal alert: handshake_failure </CODE></PRE> Mon, 28 Sep 2020 20:23:03 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/177998#M17355 DimasSouza 2020-09-28T20:23:03Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/177999#M17356 <P>Java 8 means TLS is required, SSL won't work. I'd also upgrade to the latest Splunkd.</P> Mon, 29 Jun 2015 02:24:30 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/177999#M17356 jcoates_splunk 2015-06-29T02:24:30Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178000#M17357 <P>That is not the issue here. A simple test with Java 1.8 and openssl s_server using the same certificates from my Splunk system returns successfull connections. This error can be reproduced by not sending a client certificate. <BR /> Btw. an updated version of splunk (sandbox running 6.2.3) returns the same problem.</P> Mon, 29 Jun 2015 11:13:16 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178000#M17357 DimasSouza 2015-06-29T11:13:16Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178001#M17358 <P>allow me to clarify -- this is the tested and supported connectivity matrix: <A href="http://docs.splunk.com/Documentation/AddOns/latest/JMX/Hardwareandsoftwarerequirements#Prerequisites">http://docs.splunk.com/Documentation/AddOns/latest/JMX/Hardwareandsoftwarerequirements#Prerequisites</A> </P> <P>If you're trying to go outside of that, we don't think that it will work, but will happily accept being wrong if it comes with a support ticket and enhancement request, preferably with an example of how it was made to work <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 29 Jun 2015 15:39:26 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178001#M17358 jcoates_splunk 2015-06-29T15:39:26Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178002#M17359 <P>We did not try to go outside of that. A Support ticket has just been opened (Case Nr. 251396).</P> <P>If you wish to see it, just edit the [sslConfig] stanza of your server.conf as follows (alter paths and filenames as necessary) (either on a splunk server of a universal forwarder)<BR /> Once its done, restart splunk and check your splunkd.log and jmx.log files.</P> <PRE><CODE>[sslConfig] allowSslCompression = false allowSslRenegotiation = false caCertFile = &lt;self_signed_root_ca&gt; caPath = &lt;caPath&gt; cipherSuite = TLSv1+HIGH:!SSLv2:!RC2:!RC4:!DES:!3DES:!MD5:!MD2:!EXP:!MEDIUM:!LOW:!PSK:!DSS:!aNULL:!eNULL:!SRP:!aECDH:!aECDSA@STRENGTH ecdhCurveName = prime256v1 requireClientCert = true sslKeysfile = &lt;sslKeysfile&gt; sslKeysfilePassword = &lt;sslKeysfilePassword&gt; sslVersions = tls1.2 </CODE></PRE> Wed, 01 Jul 2015 13:25:57 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178002#M17359 DimasSouza 2015-07-01T13:25:57Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178003#M17360 <BLOCKQUOTE> <P>A simple test with Java 1.8 and openssl s_server using the same certificates from my Splunk system returns successfull connections.</P> </BLOCKQUOTE> <P>Just for clarification; this means you have your certs imported in the Java keystore that is used by the app as well, correct?</P> Wed, 01 Jul 2015 14:02:32 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178003#M17360 laserval 2015-07-01T14:02:32Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178004#M17361 <P>No for the following causes:<BR /> 1- because there is no mention of it on the Installation steps ( <A href="http://docs.splunk.com/Documentation/AddOns/latest/JMX/Installationsteps">http://docs.splunk.com/Documentation/AddOns/latest/JMX/Installationsteps</A>)<BR /> 2- The only point of conflict is the variable in question: requireClientCert = true (if it is set to off, the app starts working).</P> <P>For me it is pretty clear that some improvement is due on this App.</P> Mon, 03 Aug 2015 14:27:02 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178004#M17361 DimasSouza 2015-08-03T14:27:02Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178005#M17362 <P>it is a problem for python sdk too.<BR /> <A href="https://github.com/splunk/splunk-sdk-python/issues/123">https://github.com/splunk/splunk-sdk-python/issues/123</A></P> <P>Any solution for this problem without setting requireClientCert = false </P> Wed, 04 Nov 2015 08:50:33 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178005#M17362 i2sheri 2015-11-04T08:50:33Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178006#M17363 <P>Any solution or workaround for this problem without setting requireClientCert = false </P> Wed, 04 Nov 2015 08:50:56 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178006#M17363 i2sheri 2015-11-04T08:50:56Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178007#M17364 <P>Hello Everybody,</P> <P>here the official answer I got from Splunk support:<BR /> "Unfortunately the feedback from Dev is that JMX App does not support requireClientCert=true in server.conf.<BR /> They are planning to add the fix the one of the next releases of this App, so I would like to know if using requireClientCert=false it is a possibility based on your requirements"</P> <P>So we have to work with requireClientCert=false for the time being.</P> <P>Regards,<BR /> Dimas Souza</P> Wed, 04 Nov 2015 11:36:34 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178007#M17364 DimasSouza 2015-11-04T11:36:34Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178008#M17365 <P>Follow up:</P> <P>This issue was included on the "Known Issues" list for this app with issue Numer: ADDON-5325</P> <P>We're still waiting for a solution.</P> Thu, 04 Aug 2016 08:10:26 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178008#M17365 DimasSouza 2016-08-04T08:10:26Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178009#M17366 <P>Is this problem resolved? What is the fix for this?</P> Tue, 04 Oct 2016 13:03:09 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Setting-requireClientCert-true-prevents-quot-Splunk-Add-on-for/m-p/178009#M17366 mshenoyp 2016-10-04T13:03:09Z