I have a new indexer. It's in the cluster, replicated and appears fine. We're using the default Splunk-generated cert. However, 9997 won't open due to an invalid cert password. I thought the default was "password"? But if I put that in
/opt/splunk/etc/system/local/server.conf
/opt/splunk/etc/apps/myapp/local/server.conf
I still get an error in splunkd.log
03-04-2019 10:26:01.214 -0500 ERROR SSLCommon - Can't read key file /opt/splunk/etc/auth/server.pem errno=151404653 error:0906406D:PEM routines:PEM_def_callback:problems getting password.
03-04-2019 10:26:01.214 -0500 ERROR TcpInputConfig - SSL server certificate not found, or password is wrong - SSL ports will not be opened
03-04-2019 10:26:01.214 -0500 ERROR TcpInputConfig - SSL context not found. Will not open splunk to splunk (SSL) IPv4 port 9997
The default password is "password"
Thanks, how can I verify which conf file it's looking for the password in? Would it be both of the files I mentioned?
/opt/splunk/etc/system/local/server.conf
/opt/splunk/etc/apps/myapp/local/server.conf
system/local has the maximum level of precedence
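The precedence described in the last reply, as an added example that is not part of the original thread: a small Python resolver that reports which file supplies a setting when both paths from the question define it. The `[sslConfig]` stanza, the sample file contents and the function names are assumptions made for illustration.

```python
# Added example: Splunk-style layering for one setting, highest precedence first.
# The file contents below are constructed sample data, not taken from the thread.

def parse_conf(text):
    """Parse minimal .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def effective_setting(layers, stanza, key):
    """Return (value, path) from the first layer defining the key, else (None, None)."""
    for path, text in layers:
        value = parse_conf(text).get(stanza, {}).get(key)
        if value is not None:
            return value, path
    return None, None

def shadowed(layers, stanza, key):
    """Paths that define the key but lose to a higher-precedence layer."""
    hits = [p for p, t in layers if key in parse_conf(t).get(stanza, {})]
    return hits[1:]

# Ordered highest precedence first: system/local, then the app's local directory.
LAYERS = [
    ("/opt/splunk/etc/system/local/server.conf",
     "[sslConfig]\nsslPassword = constructed-A\n"),
    ("/opt/splunk/etc/apps/myapp/local/server.conf",
     "[sslConfig]\nsslPassword = constructed-B\n"),
]

if __name__ == "__main__":
    value, path = effective_setting(LAYERS, "sslConfig", "sslPassword")
    print(f"sslPassword is read from {path}")
    for loser in shadowed(LAYERS, "sslConfig", "sslPassword"):
        print(f"defined but ignored in {loser}")
```

On a live instance, `splunk btool server list sslConfig --debug` prints the merged settings with the source file beside each one.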