When 'requireClientCert = true' is set in server.conf, unable to run "splunk reload deploy-server" or "splunk reload auth"

jbarlow_splunk
Splunk Employee

On the Splunk server, I have the following set up:

server.conf

[sslConfig]
requireClientCert = true

Unable to run splunk reload deploy-server or splunk reload auth.
Other CLI commands work okay.

Error encountered:

Couldn't request server info: Couldn't complete HTTP request: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert

jbarlow_splunk
Splunk Employee

The SSL issue specifically occurs when the Splunk CLI needs to log in, so you can get round it by running another CLI command and logging in, then running splunk reload deploy-server.

E.g. something like:

$splunk list licenses
Your session is invalid.  Please login.
Splunk username: admin
Password:

Then run:

$splunk reload deploy-server
Reloading serverclass(es).

A more permanent way round this is available in 6.4.4 and due in 6.5.1.

It requires additional settings in server.conf to open an additional non-SSL HTTP REST port, bound to localhost and therefore not accessible from outside the machine. The port needs to be a higher number than the management port. The CLI will then use this local port for communication (non-SSL, but local only) and the error no longer occurs.

For example:

server.conf

[httpServerListener:127.0.0.1:8090] 
ssl=false
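
A check for the workaround above, as an added example that is not part of the original post or Splunk's own tooling: it parses a server.conf and flags any httpServerListener stanza with SSL turned off that is not bound to a loopback address or whose port is not above the management port. The function names, the sample file and the default management port of 8089 are assumptions made for illustration.

```python
import configparser
import ipaddress

FALSE_VALUES = {"false", "0", "f", "no"}  # spellings treated as "off" (assumption)
PREFIX = "httpServerListener:"

# Constructed sample: one listener as in the post, two deliberately wrong ones.
SAMPLE = """\
[sslConfig]
requireClientCert = true
[httpServerListener:127.0.0.1:8090]
ssl=false
[httpServerListener:0.0.0.0:8091]
ssl=false
[httpServerListener:127.0.0.1:8000]
ssl=false
"""

def is_loopback(host):
    """True only for 'localhost' or a literal loopback IP address."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty, wildcard or other hostname: treat as exposed

def audit_plaintext_listeners(conf_text, mgmt_port=8089):
    """Return (stanza, problem) pairs for listeners that explicitly disable SSL."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str  # keep key case, e.g. requireClientCert
    cp.read_string(conf_text)
    findings = []
    for stanza in cp.sections():
        if not stanza.startswith(PREFIX):
            continue
        if cp.get(stanza, "ssl", fallback="").strip().lower() not in FALSE_VALUES:
            continue  # only stanzas with ssl explicitly off are audited
        host, _, port = stanza[len(PREFIX):].rpartition(":")
        if not port.isdigit():
            findings.append((stanza, "cannot parse port"))
            continue
        if not is_loopback(host):
            findings.append((stanza, "plaintext listener not bound to loopback"))
        if int(port) <= mgmt_port:
            findings.append((stanza, "port is not higher than management port"))
    return findings

if __name__ == "__main__":
    for stanza, problem in audit_plaintext_listeners(SAMPLE):
        print(f"[{stanza}] {problem}")
```

Pass the real management port as mgmt_port if the instance does not use 8089.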
