I was attempting to get the ODBC driver working in my environment. I set up the instance according to the documentation, although I found the documentation lacking for the certs assigned in server.conf. When I set it up, I could get the web browser to load the address https://server.name:8089 with a secure connection, but I could not get Microsoft Query to connect (Excel).
I would receive the following error: "[40]error with http api, error code couldn't connect to the server"
server.conf settings:
[sslConfig]
enableSplunkdSSL = true
sslKeysfile = ca_key_inter_root.pem
caCertFile = inter_root.pem
caPath = $SPLUNK_HOME/etc/apps/config_https/mycerts/
sslVersions = *, -ssl2, -ssl3
I solved the issue by updating the sslVersions option to allow "ssl3". The connection started working. The problem is, this opens up vulnerabilities that I am not comfortable with. So now onto the question, I am not sure if this is a limitation of the Splunk ODBC driver, Microsoft Query, or Splunk enterprise? Any Help with clarification would be much appreciated.
With the help of support, I was able to verify that the limitation is on the Splunk ODBC driver. It currently does not have TLS support. There is currently no ETA on TLS being added, and there is a developer bug: DVPL-5957.
With the help of support, I was able to verify that the limitation is on the Splunk ODBC driver. It currently does not have TLS support. There is currently no ETA on TLS being added, and there is a developer bug: DVPL-5957.