Hi All,
I am trying to setup SSL configuration between my Indexer and forwarder on port 9998 while it still allows non SSL configuration with port 9997.
I have followed the process from this link but created private key without password (as instructed by my enterprise architect).
http://docs.splunk.com/Documentation/Splunk/latest/Security/Howtogetthird-partycertificates
I have received my server certificate and root CA certificate with .crt extension. I have merged my server cert, server private key and root CA into one and following is my Inputs.conf on Indexer - etc/system/local
[default]
host = MY-IDX
[splunktcp://9997]
disabled = 0
[splunktcp-ssl:9998]
compressed = true
[SSL]
requireClientCert = false
rootCA = $SPLUNK_HOME/etc/Certs/root_certificate.crt
serverCert = $SPLUNK_HOME/etc/Certs/server_cert.example.com.crt
Upon restarting I'm seeing following error entries. (and inputs.conf has "password = $1$nw==" added to SSL stanza)
11-24-2014 19:37:51.805 -0500 ERROR TcpInputConfig - SSL context not found. Will not open splunk 2 splunk (SSL) IPv4 port 9998
11-24-2014 19:37:51.804 -0500 ERROR TcpInputConfig - SSL server certificate not found, or password is wrong - SSL ports will not be opened
I tried giving some password explicitly and also with renaming .crt to .pem but same error is received.
Would anyone help me with suggestions/troubleshooting steps on what I can try next. Kinda urgent.
Have a look on this answer, seems very similar to the error message you're getting:
http://answers.splunk.com/answers/105645/splunk-ssl-input-app-not-hashing-password.html
I've not used a and not using the password attribute in inputs.conf. 😞
have you specified a password when creating the key/certificate? If not, just remove the password = ...
line. If you entered a password, you'll need to use password = [password_you_defined]