Security

How do I fix a sslv3 alert certificate error?

symoon
Engager

The structure is designed as search head clustering with 3 search heads and one of them has some errors as below. (the rest of them operates normally)

When users access to port 8000, it displays the following xml:

This xml file does not appear to have any style information associated with in. This document tree is shown below.
<msg type="ERROR">Connection reset by peer </msg>

With the above message,
When users check splunkd.log of search head which occurred error, it displays the following two logs.

WARN HttpListener - Socket error from x.x.x.x:51229 while idling: error 14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown

WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client key exchange A', alert_description='certificate unknown'.

-------------------------------------------------------------------.
Even though users restart the mentioned search head instance, 8000 port does not open immediately but requires some time to open. However, the web doesn’t operate properly due to the mentioned phenomenon.

Also, with this situation for 8000 port, the following logs can be found from splunkd.log:

ERROR HttpClientRequest - HTTP client error=Connection reset by peer while accessing server=http://127.0.0.1:8065 for request=http://127.0.0.1:8065/ko-KR/.

-------------------------------------------------------------------
How can we resolve the such error?

Labels (2)
Tags (1)

NeonGreen
New Member

Have you enabled SSL with 

user#> $SPLUNK_HOME/bin/splunk enable web-ssl
0 Karma

tobiasboone1
Explorer

Any luck with this.  I am having the same issue from a cloud provider sending in a HEC string... 

 

 

0 Karma

aafletch
Engager

We are running into the same issue - did you ever figure it out?

0 Karma

bono_michael
New Member

bump

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...