Security

SSL configuration between Indexer and forwarder - certificates without password

somesoni2
SplunkTrust
SplunkTrust

Hi All,

I am trying to setup SSL configuration between my Indexer and forwarder on port 9998 while it still allows non SSL configuration with port 9997.

I have followed the process from this link but created private key without password (as instructed by my enterprise architect).

http://docs.splunk.com/Documentation/Splunk/latest/Security/Howtogetthird-partycertificates

I have received my server certificate and root CA certificate with .crt extension. I have merged my server cert, server private key and root CA into one and following is my Inputs.conf on Indexer - etc/system/local

[default]
host = MY-IDX

[splunktcp://9997]
disabled = 0

[splunktcp-ssl:9998]
compressed = true

[SSL]
requireClientCert = false
rootCA = $SPLUNK_HOME/etc/Certs/root_certificate.crt
serverCert = $SPLUNK_HOME/etc/Certs/server_cert.example.com.crt

Upon restarting I'm seeing following error entries. (and inputs.conf has "password = $1$nw==" added to SSL stanza)

11-24-2014 19:37:51.805 -0500 ERROR TcpInputConfig - SSL context not found. Will not open splunk 2 splunk (SSL) IPv4 port 9998
11-24-2014 19:37:51.804 -0500 ERROR TcpInputConfig - SSL server certificate not found, or password is wrong - SSL ports will not be opened 

I tried giving some password explicitly and also with renaming .crt to .pem but same error is received.

Would anyone help me with suggestions/troubleshooting steps on what I can try next. Kinda urgent.

Tags (1)

musskopf
Builder

Have a look on this answer, seems very similar to the error message you're getting:

http://answers.splunk.com/answers/105645/splunk-ssl-input-app-not-hashing-password.html

0 Karma

somesoni2
SplunkTrust
SplunkTrust

I've not used a and not using the password attribute in inputs.conf. 😞

0 Karma

musskopf
Builder

have you specified a password when creating the key/certificate? If not, just remove the password = ... line. If you entered a password, you'll need to use password = [password_you_defined]

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...