Security

SPLUNK not starting after certificate renewal

Orange_girl
Loves-to-Learn Everything

Hello, 

I am running SPLUNK 9.1.2 on Linux and ever since I installed a new internal certificate, I am not able to run SPLUNK. Below are some of the warnings I was about to find in splunkd.log. Would anyone have any idea of how this can be addressed and fixed? Thank you for any suggestions!

 

WARN  SSLCommon [12196 webui] - Received fatal SSL3 alert. ssl_state='error', alert_description='handshake failure'.

WARN  HttpListener [12196 webui] - Socket error from “…” while idling: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher

WARN  HttpListener [12196 webui] - Socket error from “…” while idling: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknow protocol

WARN  SSLCommon [12196 webui] - Received fatal SSL3 alert. ssl_state='error', alert_description='bad record mac'.

WARN  HttpListener [12196 webui] - Socket error from “…” while idling: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

WARN  SSLCommon [12196 webui] - Received fatal SSL3 alert. ssl_state='error', alert_description='decrypt error'.

WARN  HttpListener [12196 webui] - Socket error from “…” while idling: error:1408C095:SSL routines:ssl3_get_finished:digest check failed

 

 

Labels (1)
Tags (1)
0 Karma

PickleRick
SplunkTrust
SplunkTrust

1. Browse through logs directly from process startup. If there are some issues with - for example - certificate file readability, you should have your errors there

2. Check the logs from the other side of the connection. They often tell more.

0 Karma

Orange_girl
Loves-to-Learn Everything

Thank you!

I've been trying to find logs from process startup but not sure where these might be located? 

What do you mean by 'the other side of the connection'?

 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...