Archive

Splunk 6.4.0: Forwarding using CA signed SSL certs doesn't work as documented?

I am following the documentation here (set for version 6.4.0): https://docs.splunk.com/Documentation/Splunk/7.0.2/Security/ConfigureSplunkforwardingtousesignedcert...

The documentation states that the variable sslPassword be set, but Splunk won't start unless it is named "password" in the [SSL] stanza in $SPLUNK_HOME/etc/system/local/inputs.conf. Clearly Splunk is seeing my [SSL] stanza, but refuses to open the tcp port, stating:

02-28-2018 16:15:58.055 -0600 ERROR TcpInputConfig - SSL context not found. Will not open raw (SSL) IPv4 port #####

My [SSL] stanza is in the following format:

[SSL]
serverCert = /opt/splunk/etc/certs/myIndexerCert.pem
rootCA = /opt/splunk/etc/certs/ROOTCACert.pem
requireClientCert = true
password = ###############==

Does the [SSL] stanza need to be somewhere else besides $SPLUNK_HOME/etc/system/local/inputs.conf?

Tags (2)
0 Karma