Security

Can I resolve these LetsEncrypt Server Cert CA issues?

gwaters
New Member

Hello,

I have a Splunk forwarder forwarding logs to a Splunk Server, and the SplunkServer is using a LetsEncrypt CA cert. I have tried a couple of directives but they dont see to work.

Here are my configs:

 

 

 

outputs.conf
[tcpout] 
useACK = true 
indexAndForward = false 
defaultGroup = splunkssl 
forwardedindex.0.whitelist = modsec 

[tcpout:splunkssl] 
compressed = true 
server = splunkserver.ip.com:9998 
clientCert = /opt/splunkforwarder/etc/certs/client.pem 

[tcpout-server://splunkserver.ip.com:9998] 
#sslRootCAPath = /opt/splunkforwarder/etc/certs/cacert.pem 
sslRootCAPath = /opt/splunkforwarder/etc/certs/letsencryptca.pem sslVerifyServerCert = true 
sslCommonNameToCheck = splunkserver-alias.ip.com

 

 

 

I found my issue here in the forums, but the response was to disable sslVerifyServerCert.. which I can not do.

 

Here is the error I get:

 

 

 

05-30-2023 16:19:21.265 -0700 ERROR TcpOutputFd - Connection to host=splunkserver.ip.com:9998 failed. sock_error = 0. SSL Error = error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed - please check the output of the `openssl verify` command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name.

 

 

 

Labels (1)
Tags (1)
0 Karma
Get Updates on the Splunk Community!

Developer Spotlight with Brett Adams

In our third Spotlight feature, we're excited to shine a light on Brett—a Splunk consultant, innovative ...

Index This | What can you do to make 55,555 equal 500?

April 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...