Deployment Architecture

Why is the server.conf when trying to secure 8089 port, is broken from connecting to the Deployment server?

cleelakrishna
Loves-to-Learn

Configured web.conf and server.conf in order to secure port 8089, which was successful but upon checking the connections to a Deployment server, it got broken. Heavy Forwarder is not connecting to the Deployment server.

web.conf:

[settings]
#Updated Splunkd Connection Timeout from 30 to 120
splunkdConnectionTimeout = 30
enableSplunkWebSSL = true
privKeyPath = etc/auth/splunk-qa/private.key.pem
caCertPath = etc/auth/splunk-qa/splunkhost.com.pem

server.conf

[sslConfig]
sslPassword = abcdefghi
enableSplunkdSSL = true
serverCert = $SPLUNK_HOME/etc/auth/splunk-qa/splunkhost.com.pem
privKeyPath = $SPLUNK_HOME/etc/auth/splunk-qa/private.key.pem
sslVersions = *,-ssl2
sslVersionsForClient = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

Please let me know if I need to make any changes. Help will be appreciated.

0 Karma

micahkemp
Champion

Some error messages from splunkd.log would be helpful.

Does splunkhost.com.pem include the certificate chain (certificate, intermediate certificate, root certificate)?

0 Karma

cleelakrishna
Loves-to-Learn

yes, it has the certificate chain

0 Karma

micahkemp
Champion

Does it also include the private key? The splunkd certificate file has a slightly different requirement from the web certificate file, in that it must also include the key.

0 Karma

cleelakrishna
Loves-to-Learn

TcpOutputProc - Connected to idx=1234213423:9997, pset=0, reuse=0.
02-14-2018 10:08:56.569 -0500 INFO DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
02-14-2018 10:09:00.585 -0500 INFO TcpOutputProc - Closing stream for idx=23424:9997
02-14-2018 10:09:00.586 -0500 INFO TcpOutputProc - Connected to idx=23424322:9997, pset=0, reuse=0.
02-14-2018 10:09:10.497 -0500 INFO TcpOutputProc - Closing stream for idx=123423142:9997
02-14-2018 10:09:10.497 -0500 INFO TcpOutputProc - Connected to idx=1234241:9997, pset=0, reuse=0.
02-14-2018 10:09:16.570 -0500 INFO DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...