Getting Data In

TCP-SSL ERROR SSL context not found. Splunk not listening the configured port.

hketer
Path Finder

Hey All 🙂

I've configured tcp-ssl on HF, created certificates and the following configuration.
The HF receive syslog from third-party, I'll send the third party company the CA (combined certificat) I created based on these docs:
1. How to create and sign your own TLS certificates 
2. Create a single combined certificate file 

inputs.conf
[tcp-ssl://2222]
index = test
sourcetype = st_test

[SSL]
serverCert = C:\Program Files\Splunk\etc\auth\mycerts\myServerCertificate.pem
sslPassword = <Server.key password>
sslRootCAPath = C:\Program Files\Splunk\etc\auth\mycerts\myCertAuthCertificate.pem

Server.conf
[sslconfig]
sslPassword = <password encrypted that I didn't configured>

And yet Splunk isn't listening to the requested port for example 2222

What am I missing?

The error I get in Splunk _internal is:
SSL context not found. Will not open raw (SSL) IPv4 port 2222

Please assist, and Thank YOU!!!

 

Labels (2)
0 Karma

PickleRick
SplunkTrust
SplunkTrust

Check logs more "backwards" to see earlier errors. Maybe you mistyped file paths, maybe the password was wrong...

0 Karma

_JP
Contributor

A couple steps to troubleshoot:

- If you remove the SSL, can you get Splunk to startup and listen on that port?  

- Are your paths 100% correct - this could be related to a typo in the path/filename.

- Do your certificates have the correct permissions so Spunk can see them?

 

As a side note, Splunk will auto-encrypt passwords like that in your .conf files. You'll see the following wording for values it does this with in the documentation (e.g. inputs.conf sslPassword documentation)

Upon first use, the input encrypts and rewrites the password

 

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...

Splunk Developers: Construct Your Future at the .conf26 Builder Bar

Calling all Splunk architects, platform admins, and app developers: the site is open, and the blueprints are ...

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...