SSL configuration between Indexer and forwarder - certificates without password

Revered Legend

Hi All,

I am trying to setup SSL configuration between my Indexer and forwarder on port 9998 while it still allows non SSL configuration with port 9997.

I have followed the process from this link but created private key without password (as instructed by my enterprise architect).

I have received my server certificate and root CA certificate with .crt extension. I have merged my server cert, server private key and root CA into one and following is my Inputs.conf on Indexer - etc/system/local

host = MY-IDX

disabled = 0

compressed = true

requireClientCert = false
rootCA = $SPLUNK_HOME/etc/Certs/root_certificate.crt
serverCert = $SPLUNK_HOME/etc/Certs/

Upon restarting I'm seeing following error entries. (and inputs.conf has "password = $1$nw==" added to SSL stanza)

11-24-2014 19:37:51.805 -0500 ERROR TcpInputConfig - SSL context not found. Will not open splunk 2 splunk (SSL) IPv4 port 9998
11-24-2014 19:37:51.804 -0500 ERROR TcpInputConfig - SSL server certificate not found, or password is wrong - SSL ports will not be opened 

I tried giving some password explicitly and also with renaming .crt to .pem but same error is received.

Would anyone help me with suggestions/troubleshooting steps on what I can try next. Kinda urgent.

Tags (1)


Have a look on this answer, seems very similar to the error message you're getting:

0 Karma

Revered Legend

I've not used a and not using the password attribute in inputs.conf. 😞

0 Karma


have you specified a password when creating the key/certificate? If not, just remove the password = ... line. If you entered a password, you'll need to use password = [password_you_defined]

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!