Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Why is the server.conf when trying to secure 8089 ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why is the server.conf when trying to secure 8089 port, is broken from connecting to the Deployment server?
Configured web.conf and server.conf in order to secure port 8089, which was successful but upon checking the connections to a Deployment server, it got broken. Heavy Forwarder is not connecting to the Deployment server.
web.conf:
[settings]
#Updated Splunkd Connection Timeout from 30 to 120
splunkdConnectionTimeout = 30
enableSplunkWebSSL = true
privKeyPath = etc/auth/splunk-qa/private.key.pem
caCertPath = etc/auth/splunk-qa/splunkhost.com.pem
server.conf
[sslConfig]
sslPassword = abcdefghi
enableSplunkdSSL = true
serverCert = $SPLUNK_HOME/etc/auth/splunk-qa/splunkhost.com.pem
privKeyPath = $SPLUNK_HOME/etc/auth/splunk-qa/private.key.pem
sslVersions = *,-ssl2
sslVersionsForClient = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH
Please let me know if I need to make any changes. Help will be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Some error messages from splunkd.log would be helpful.
Does splunkhost.com.pem include the certificate chain (certificate, intermediate certificate, root certificate)?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yes, it has the certificate chain
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does it also include the private key? The splunkd certificate file has a slightly different requirement from the web certificate file, in that it must also include the key.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
TcpOutputProc - Connected to idx=1234213423:9997, pset=0, reuse=0.
02-14-2018 10:08:56.569 -0500 INFO DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
02-14-2018 10:09:00.585 -0500 INFO TcpOutputProc - Closing stream for idx=23424:9997
02-14-2018 10:09:00.586 -0500 INFO TcpOutputProc - Connected to idx=23424322:9997, pset=0, reuse=0.
02-14-2018 10:09:10.497 -0500 INFO TcpOutputProc - Closing stream for idx=123423142:9997
02-14-2018 10:09:10.497 -0500 INFO TcpOutputProc - Connected to idx=1234241:9997, pset=0, reuse=0.
02-14-2018 10:09:16.570 -0500 INFO DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
A Season of Skills: New Splunk Courses to Light Up Your Learning Journey
Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...
Splunk Observability for AI
