Security
Highlighted

SSL configuration between Indexer and forwarder - certificates without password

SplunkTrust
SplunkTrust

Hi All,

I am trying to setup SSL configuration between my Indexer and forwarder on port 9998 while it still allows non SSL configuration with port 9997.

I have followed the process from this link but created private key without password (as instructed by my enterprise architect).

http://docs.splunk.com/Documentation/Splunk/latest/Security/Howtogetthird-partycertificates

I have received my server certificate and root CA certificate with .crt extension. I have merged my server cert, server private key and root CA into one and following is my Inputs.conf on Indexer - etc/system/local

[default]
host = MY-IDX

[splunktcp://9997]
disabled = 0

[splunktcp-ssl:9998]
compressed = true

[SSL]
requireClientCert = false
rootCA = $SPLUNKHOME/etc/Certs/rootcertificate.crt
serverCert = $SPLUNKHOME/etc/Certs/servercert.example.com.crt

Upon restarting I'm seeing following error entries. (and inputs.conf has "password = $1$nw==" added to SSL stanza)

11-24-2014 19:37:51.805 -0500 ERROR TcpInputConfig - SSL context not found. Will not open splunk 2 splunk (SSL) IPv4 port 9998
11-24-2014 19:37:51.804 -0500 ERROR TcpInputConfig - SSL server certificate not found, or password is wrong - SSL ports will not be opened 

I tried giving some password explicitly and also with renaming .crt to .pem but same error is received.

Would anyone help me with suggestions/troubleshooting steps on what I can try next. Kinda urgent.

Tags (1)
Highlighted

Re: SSL configuration between Indexer and forwarder - certificates without password

Builder

have you specified a password when creating the key/certificate? If not, just remove the password = ... line. If you entered a password, you'll need to use password = [password_you_defined]

0 Karma
Highlighted

Re: SSL configuration between Indexer and forwarder - certificates without password

SplunkTrust
SplunkTrust

I've not used a and not using the password attribute in inputs.conf. 😞

0 Karma
Highlighted

Re: SSL configuration between Indexer and forwarder - certificates without password

Builder

Have a look on this answer, seems very similar to the error message you're getting:

http://answers.splunk.com/answers/105645/splunk-ssl-input-app-not-hashing-password.html

0 Karma