Security

Getting error "unsupported certificate" when configuring TLS on management port 8089

DaisyNguyen
Loves-to-Learn Lots

Hi all,

I'm trying to configure SSL certificate for management port 8089 on Manager Node and Indexers.

In file $SPLUNK_HOME/etc/system/local/server.conf in Manager Node and Indexers.

 

[sslConfig]
sslRootCAPath = <path_to_rootCA>
sslPassword = mycertpass
enableSplunkdSSL = true
serverCert = <path_to_manager_or_indexer_cert>
requireClientCert = true
sslAltNameToCheck = manage-node.example.com

 

I check rootCA and my server certificate in Manager Node and Indexers with `openssl verify` and it return OK.

I use the same certificate for Indexers and one for Manager Node.

All my certificate have purpose is SSL server and SSL client:

X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication

But when I set `requireClientCert = true`, it return "unsupported certificate" error and I can't access to Splunk Web of Manager Node.

Please help me to fix this! 

Labels (1)
0 Karma

DaisyNguyen
Loves-to-Learn Lots

[UPDATE]

When I used the same certifiacte for Splunk Web and Splunk Secure Connection, it works normally.

But when I used different certificate between Splunk Web and Splunk Secure Connection, the error continued happen.

Before, Splunk Web used only TLS Web Server certificatie, and Splunk Secure Connection used certificate that has purpose TLS Web Server and TLS Web Client. And I really need use separate cert for my cases.

 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...