Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

TCP-SSL ERROR SSL context not found. Splunk not listening the configured port.

hketer
Path Finder
‎10-04-2023 02:28 AM

Hey All 🙂

I've configured tcp-ssl on HF, created certificates and the following configuration.
The HF receive syslog from third-party, I'll send the third party company the CA (combined certificat) I created based on these docs:
1. How to create and sign your own TLS certificates 
2. Create a single combined certificate file 

inputs.conf
[tcp-ssl://2222]
index = test
sourcetype = st_test

[SSL]
serverCert = C:\Program Files\Splunk\etc\auth\mycerts\myServerCertificate.pem
sslPassword = <Server.key password>
sslRootCAPath = C:\Program Files\Splunk\etc\auth\mycerts\myCertAuthCertificate.pem

Server.conf
[sslconfig]
sslPassword = <password encrypted that I didn't configured>

And yet Splunk isn't listening to the requested port for example 2222

What am I missing?

The error I get in Splunk _internal is:
SSL context not found. Will not open raw (SSL) IPv4 port 2222

Please assist, and Thank YOU!!!

 

Labels (2)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-06-2023 10:31 AM

Check logs more "backwards" to see earlier errors. Maybe you mistyped file paths, maybe the password was wrong...

0 Karma
Reply

_JP
Contributor
‎10-06-2023 09:59 AM

A couple steps to troubleshoot:

- If you remove the SSL, can you get Splunk to startup and listen on that port?  

- Are your paths 100% correct - this could be related to a typo in the path/filename.

- Do your certificates have the correct permissions so Spunk can see them?

 

As a side note, Splunk will auto-encrypt passwords like that in your .conf files. You'll see the following wording for values it does this with in the documentation (e.g. inputs.conf sslPassword documentation)

Upon first use, the input encrypts and rewrites the password

 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...