Security

SPLUNK not starting after certificate renewal

Orange_girl
Loves-to-Learn Everything

Hello, 

I am running SPLUNK 9.1.2 on Linux and ever since I installed a new internal certificate, I am not able to run SPLUNK. Below are some of the warnings I was about to find in splunkd.log. Would anyone have any idea of how this can be addressed and fixed? Thank you for any suggestions!

 

WARN  SSLCommon [12196 webui] - Received fatal SSL3 alert. ssl_state='error', alert_description='handshake failure'.

WARN  HttpListener [12196 webui] - Socket error from “…” while idling: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher

WARN  HttpListener [12196 webui] - Socket error from “…” while idling: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknow protocol

WARN  SSLCommon [12196 webui] - Received fatal SSL3 alert. ssl_state='error', alert_description='bad record mac'.

WARN  HttpListener [12196 webui] - Socket error from “…” while idling: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

WARN  SSLCommon [12196 webui] - Received fatal SSL3 alert. ssl_state='error', alert_description='decrypt error'.

WARN  HttpListener [12196 webui] - Socket error from “…” while idling: error:1408C095:SSL routines:ssl3_get_finished:digest check failed

 

 

Labels (1)
Tags (1)
0 Karma

PickleRick
SplunkTrust
SplunkTrust

1. Browse through logs directly from process startup. If there are some issues with - for example - certificate file readability, you should have your errors there

2. Check the logs from the other side of the connection. They often tell more.

0 Karma

Orange_girl
Loves-to-Learn Everything

Thank you!

I've been trying to find logs from process startup but not sure where these might be located? 

What do you mean by 'the other side of the connection'?

 

0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...