Security

Can I resolve these LetsEncrypt Server Cert CA issues?

gwaters
New Member

Hello,

I have a Splunk forwarder forwarding logs to a Splunk Server, and the SplunkServer is using a LetsEncrypt CA cert. I have tried a couple of directives but they dont see to work.

Here are my configs:

 

 

 

outputs.conf
[tcpout] 
useACK = true 
indexAndForward = false 
defaultGroup = splunkssl 
forwardedindex.0.whitelist = modsec 

[tcpout:splunkssl] 
compressed = true 
server = splunkserver.ip.com:9998 
clientCert = /opt/splunkforwarder/etc/certs/client.pem 

[tcpout-server://splunkserver.ip.com:9998] 
#sslRootCAPath = /opt/splunkforwarder/etc/certs/cacert.pem 
sslRootCAPath = /opt/splunkforwarder/etc/certs/letsencryptca.pem sslVerifyServerCert = true 
sslCommonNameToCheck = splunkserver-alias.ip.com

 

 

 

I found my issue here in the forums, but the response was to disable sslVerifyServerCert.. which I can not do.

 

Here is the error I get:

 

 

 

05-30-2023 16:19:21.265 -0700 ERROR TcpOutputFd - Connection to host=splunkserver.ip.com:9998 failed. sock_error = 0. SSL Error = error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed - please check the output of the `openssl verify` command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name.

 

 

 

Labels (1)
Tags (1)
0 Karma
Get Updates on the Splunk Community!

There's No Place Like Chrome and the Splunk Platform

Watch On DemandMalware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

The Great Resilience Quest: 5th Leaderboard Update

The fifth leaderboard update for The Great Resilience Quest is out >> 🏆 Check out the ...

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...