Security

How to resolve Indexer ERROR TcpInputConfig - SSL context not found? (Won't open Splunk to Splunk (SSL) IPv4 port 9997)

justynap_ldz
Path Finder

Hello,

We keep getting the errors from one of our indexers (there are 3 in the cluster, only one is affected):
ERROR TcpInputConfig [60483 TcpListener] - SSL context not found. Will not open splunk to splunk (SSL) IPv4 port 9997

All indexers have the same SSL config:

/opt/splunk/etc/system/local/inputs.conf
[default]
host = z1234

[splunktcp-ssl:9997]
disabled = 0
connection_host = ip

[SSL]
serverCert = /opt/splunk/etc/auth/z1234_server.pem
sslPassword = <password>
requireClientCert = false
sslVersions = tls1.2

We have just found additional input.conf on all indexers: in
/opt/splunk/etc/apps/search/local/inputs.conf
[splunktcp://9997]
connection_host = ip

We deleted this config on all indexers as this is no longer valid and shouldn't be active.
Unfortunately, after splunk restart port 9997 is no longer opened on z1234 host. On other two hosts it is still opened...weird

 

Any idea what else to check/do to troubleshoot?
Your help will be much appreciated!

Greetings,
Justyna

Labels (2)
0 Karma
1 Solution

justynap_ldz
Path Finder

The solution was to request new cert in company's CA, generate new private key and new certificate chains

View solution in original post

0 Karma

justynap_ldz
Path Finder

The solution was to request new cert in company's CA, generate new private key and new certificate chains

0 Karma
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...