Getting Data In

How to resolve "ssl23_get_client_hello unknown protocol" error on indexer and "TcpOutputFd Read error" on forwarder?


Hello guys,

I'm using this on deployment-apps (universal forwarder deployment) :

defaultGroup = default-autolb-group

server = indexer:9997

sslCertPath = $SPLUNK_HOME/etc/apps/APP_OUTPUTS_BASE_PPR/local/server.pem
sslPassword = password
sslRootCAPath = $SPLUNK_HOME/etc/apps/APP_OUTPUTS_BASE_PPR/local/cacert.pem
sslVerifyServerCert = false

I'm 99% sure sslPassword for my cacert.pem is not 'password', so isn't it working for server.pem instead (default splunk cert) ?

If I use the correct cacert pass, I get ssl23_get_client_hello unknown protocol on indexer and TcpOutputFd Read error on forwarder.

Thanks for your clarification.

0 Karma

Esteemed Legend

Hi realsplunk,
sorry for this detail:
the steps you have to do are:

  • insert correct password in inputs.conf (verify where is the inputs.conf file where there is sslPassword: $SPLUNK_HOME/etc/system/local) on your indexers;
  • restart indexers, password will be encrypted
  • insert correct password in inputs.conf in your TA (in local directory);
  • restart forwarder, password will be encrypted

If you insert outputs.conf in default directory, password will be encrypted in local directory and not encripted in default directory.

0 Karma


So why at we have :

sslPassword =
The password associated with the CAcert.
The default Splunk CAcert uses the password "password".
There is no default value.*

Thanks a lot!

0 Karma
Get Updates on the Splunk Community!

Index This | A sphere has three, a circle has two, and a point has zero. What is it?

September 2023 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

 Clayton Homes faced the increased challenge of strengthening their security posture as they went through ...

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

We’re happy to announce the release of Mission Control 2.3 which includes several new and exciting features ...