<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Universal Forwarder Upgrades and our Deployment Server in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Universal-Forwarder-Upgrades-and-our-Deployment-Server/m-p/451547#M78296</link>
    <description>&lt;P&gt;I've been working on automating our UF upgrade process and have found what appears to be an issue with a deprecated key, sslKeysfilePassword ...&lt;/P&gt;

&lt;P&gt;When I upgrade an old 6.1 or 6.2 host beyond Splunk 6.5, I've found that while the UF can still maintain forwarding over SSL to our indexers, they can no longer handshake with our deployment server.&lt;/P&gt;

&lt;P&gt;Spending most of my week on this, I've come across a workaround where, prior to performing the upgrade ... ( stopping splunk; tar -zxf blah ), if I remove the deprecated key "&lt;STRONG&gt;sslKeysfilePassword&lt;/STRONG&gt;" from etc/system/local/server.conf ... the handshake problem is no longer an issue.&lt;/P&gt;

&lt;P&gt;The odd thing here is that, this is the &lt;STRONG&gt;only&lt;/STRONG&gt; thing that had to be changed to rectify the issue, but my understanding of a deprecated object is that it would just be ignored. It doesn't appear to be the case in this instance.&lt;/P&gt;

&lt;P&gt;So, this isn't really a question perse, but has anyone ever run up against this before?&lt;/P&gt;</description>
    <pubDate>Thu, 27 Jun 2019 21:26:49 GMT</pubDate>
    <dc:creator>pkeller</dc:creator>
    <dc:date>2019-06-27T21:26:49Z</dc:date>
    <item>
      <title>Universal Forwarder Upgrades and our Deployment Server</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Universal-Forwarder-Upgrades-and-our-Deployment-Server/m-p/451547#M78296</link>
      <description>&lt;P&gt;I've been working on automating our UF upgrade process and have found what appears to be an issue with a deprecated key, sslKeysfilePassword ...&lt;/P&gt;

&lt;P&gt;When I upgrade an old 6.1 or 6.2 host beyond Splunk 6.5, I've found that while the UF can still maintain forwarding over SSL to our indexers, they can no longer handshake with our deployment server.&lt;/P&gt;

&lt;P&gt;Spending most of my week on this, I've come across a workaround where, prior to performing the upgrade ... ( stopping splunk; tar -zxf blah ), if I remove the deprecated key "&lt;STRONG&gt;sslKeysfilePassword&lt;/STRONG&gt;" from etc/system/local/server.conf ... the handshake problem is no longer an issue.&lt;/P&gt;

&lt;P&gt;The odd thing here is that, this is the &lt;STRONG&gt;only&lt;/STRONG&gt; thing that had to be changed to rectify the issue, but my understanding of a deprecated object is that it would just be ignored. It doesn't appear to be the case in this instance.&lt;/P&gt;

&lt;P&gt;So, this isn't really a question perse, but has anyone ever run up against this before?&lt;/P&gt;</description>
      <pubDate>Thu, 27 Jun 2019 21:26:49 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Universal-Forwarder-Upgrades-and-our-Deployment-Server/m-p/451547#M78296</guid>
      <dc:creator>pkeller</dc:creator>
      <dc:date>2019-06-27T21:26:49Z</dc:date>
    </item>
  </channel>
</rss>

