Deployment Architecture

Is it possible to configure a SSL Splunk server to be the License Master of a non-SSL Splunk search head?

Jarohnimo
Builder

Hi All,

So I setup a stand alone Splunk Environment and the choice was made to bind it with SSL. So we have https://BoxA that has all the roles.

We now have a brand new box that we would like to use as a Search head and we do NOT want to put SSL on this box. We would like to use BoxA as BoxB's License Master but each time i try to make the connection it throws an error
"Bad request - inhandler localslave edittracker failed reason = warn: path=/masterlm/usage;invalid signature on request

from IP: X.X.X.X

Do I have to setup the 2nd Box (BoxB) with SSL in order for it to join (become a license slave/ sh) for Box A. thanks

Labels (2)
0 Karma

arkadyz1
Builder

I can't find the existing answer to that question now, but here are some simple steps you could try:

  1. On the license slave (BoxB) edit server.conf in etc/system/local, find [general] stanza, pass4SymmKey property in it - must have some hashed security value - and change it to the default "changeme" value: pass4SymmKey = changeme.
  2. Restart Splunk on BoxB.
  3. Try setting up the license master/slave relationship now.
0 Karma

dflodstrom
Builder

When you specify the URI for the license server are you saying https://xxx.xxx.xxx.xxx:8089 ?

Not using SSL for Splunk web on BoxB shouldn't be an issue.

0 Karma

Jarohnimo
Builder

Yes, I'm using it as you've said. I've set this up in other environments without issue. Never in mixed configuration.

I inherited this environment. it's possible that the previous person handjammed something he shouldn't into a config file.

0 Karma

ptcrusher
Explorer

@Jarohnimo were you able to sort out this "mixed" setup. We're facing a similar issue while trying to point a non-SSL enabled client to a SSL enabled License Master. Any hints?

0 Karma

jwelch_splunk
Splunk Employee
Splunk Employee

8089 uses ssl by default unless you over-ride it in server.conf

from boxb what happens if you do:

source /opt/splunk/bin/setSplunkEnv
openssl s_client -connect boxa:8089 -CAfile /opt/splunk/etc/auth/cacert.pem

There could be other issues as well, but I don't see the full picture here have you used:
https://docs.splunk.com/Documentation/Splunk/6.5.1/Admin/Configurealicensemaster

Okie

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...