Security

How to resolve Indexer ERROR TcpInputConfig - SSL context not found? (Won't open Splunk to Splunk (SSL) IPv4 port 9997)

justynap_ldz
Path Finder

Hello,

We keep getting the errors from one of our indexers (there are 3 in the cluster, only one is affected):
ERROR TcpInputConfig [60483 TcpListener] - SSL context not found. Will not open splunk to splunk (SSL) IPv4 port 9997

All indexers have the same SSL config:

/opt/splunk/etc/system/local/inputs.conf
[default]
host = z1234

[splunktcp-ssl:9997]
disabled = 0
connection_host = ip

[SSL]
serverCert = /opt/splunk/etc/auth/z1234_server.pem
sslPassword = <password>
requireClientCert = false
sslVersions = tls1.2

We have just found additional input.conf on all indexers: in
/opt/splunk/etc/apps/search/local/inputs.conf
[splunktcp://9997]
connection_host = ip

We deleted this config on all indexers as this is no longer valid and shouldn't be active.
Unfortunately, after splunk restart port 9997 is no longer opened on z1234 host. On other two hosts it is still opened...weird

 

Any idea what else to check/do to troubleshoot?
Your help will be much appreciated!

Greetings,
Justyna

Labels (2)
0 Karma
1 Solution

justynap_ldz
Path Finder

The solution was to request new cert in company's CA, generate new private key and new certificate chains

View solution in original post

0 Karma

justynap_ldz
Path Finder

The solution was to request new cert in company's CA, generate new private key and new certificate chains

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...