Security

Can I resolve these LetsEncrypt Server Cert CA issues?

gwaters
New Member

Hello,

I have a Splunk forwarder forwarding logs to a Splunk Server, and the SplunkServer is using a LetsEncrypt CA cert. I have tried a couple of directives but they dont see to work.

Here are my configs:

 

 

 

outputs.conf
[tcpout] 
useACK = true 
indexAndForward = false 
defaultGroup = splunkssl 
forwardedindex.0.whitelist = modsec 

[tcpout:splunkssl] 
compressed = true 
server = splunkserver.ip.com:9998 
clientCert = /opt/splunkforwarder/etc/certs/client.pem 

[tcpout-server://splunkserver.ip.com:9998] 
#sslRootCAPath = /opt/splunkforwarder/etc/certs/cacert.pem 
sslRootCAPath = /opt/splunkforwarder/etc/certs/letsencryptca.pem sslVerifyServerCert = true 
sslCommonNameToCheck = splunkserver-alias.ip.com

 

 

 

I found my issue here in the forums, but the response was to disable sslVerifyServerCert.. which I can not do.

 

Here is the error I get:

 

 

 

05-30-2023 16:19:21.265 -0700 ERROR TcpOutputFd - Connection to host=splunkserver.ip.com:9998 failed. sock_error = 0. SSL Error = error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed - please check the output of the `openssl verify` command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name.

 

 

 

Labels (1)
Tags (1)
0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...