Security

How to resolve Indexer ERROR TcpInputConfig - SSL context not found? (Won't open Splunk to Splunk (SSL) IPv4 port 9997)

justynap_ldz
Path Finder

Hello,

We keep getting the errors from one of our indexers (there are 3 in the cluster, only one is affected):
ERROR TcpInputConfig [60483 TcpListener] - SSL context not found. Will not open splunk to splunk (SSL) IPv4 port 9997

All indexers have the same SSL config:

/opt/splunk/etc/system/local/inputs.conf
[default]
host = z1234

[splunktcp-ssl:9997]
disabled = 0
connection_host = ip

[SSL]
serverCert = /opt/splunk/etc/auth/z1234_server.pem
sslPassword = <password>
requireClientCert = false
sslVersions = tls1.2

We have just found additional input.conf on all indexers: in
/opt/splunk/etc/apps/search/local/inputs.conf
[splunktcp://9997]
connection_host = ip

We deleted this config on all indexers as this is no longer valid and shouldn't be active.
Unfortunately, after splunk restart port 9997 is no longer opened on z1234 host. On other two hosts it is still opened...weird

 

Any idea what else to check/do to troubleshoot?
Your help will be much appreciated!

Greetings,
Justyna

Labels (2)
0 Karma
1 Solution

justynap_ldz
Path Finder

The solution was to request new cert in company's CA, generate new private key and new certificate chains

View solution in original post

0 Karma

justynap_ldz
Path Finder

The solution was to request new cert in company's CA, generate new private key and new certificate chains

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...