Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

TCP-SSL ERROR SSL context not found. Splunk not listening the configured port.

hketer
Path Finder
‎10-04-2023 02:28 AM

Hey All 🙂

I've configured tcp-ssl on HF, created certificates and the following configuration.
The HF receive syslog from third-party, I'll send the third party company the CA (combined certificat) I created based on these docs:
1. How to create and sign your own TLS certificates 
2. Create a single combined certificate file 

inputs.conf
[tcp-ssl://2222]
index = test
sourcetype = st_test

[SSL]
serverCert = C:\Program Files\Splunk\etc\auth\mycerts\myServerCertificate.pem
sslPassword = <Server.key password>
sslRootCAPath = C:\Program Files\Splunk\etc\auth\mycerts\myCertAuthCertificate.pem

Server.conf
[sslconfig]
sslPassword = <password encrypted that I didn't configured>

And yet Splunk isn't listening to the requested port for example 2222

What am I missing?

The error I get in Splunk _internal is:
SSL context not found. Will not open raw (SSL) IPv4 port 2222

Please assist, and Thank YOU!!!

 

Labels (2)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-06-2023 10:31 AM

Check logs more "backwards" to see earlier errors. Maybe you mistyped file paths, maybe the password was wrong...

0 Karma
Reply

_JP
Contributor
‎10-06-2023 09:59 AM

A couple steps to troubleshoot:

- If you remove the SSL, can you get Splunk to startup and listen on that port?  

- Are your paths 100% correct - this could be related to a typo in the path/filename.

- Do your certificates have the correct permissions so Spunk can see them?

 

As a side note, Splunk will auto-encrypt passwords like that in your .conf files. You'll see the following wording for values it does this with in the documentation (e.g. inputs.conf sslPassword documentation)

Upon first use, the input encrypts and rewrites the password

 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...