I am trying to setup SSL configuration between my Indexer and forwarder on port 9998 while it still allows non SSL configuration with port 9997.
I have followed the process from this link but created private key without password (as instructed by my enterprise architect).
I have received my server certificate and root CA certificate with .crt extension. I have merged my server cert, server private key and root CA into one and following is my Inputs.conf on Indexer - etc/system/local
host = MY-IDX
disabled = 0
compressed = true
requireClientCert = false
rootCA = $SPLUNKHOME/etc/Certs/rootcertificate.crt
serverCert = $SPLUNKHOME/etc/Certs/servercert.example.com.crt
Upon restarting I'm seeing following error entries. (and inputs.conf has "password = $1$nw==" added to SSL stanza)
11-24-2014 19:37:51.805 -0500 ERROR TcpInputConfig - SSL context not found. Will not open splunk 2 splunk (SSL) IPv4 port 9998 11-24-2014 19:37:51.804 -0500 ERROR TcpInputConfig - SSL server certificate not found, or password is wrong - SSL ports will not be opened
I tried giving some password explicitly and also with renaming .crt to .pem but same error is received.
Would anyone help me with suggestions/troubleshooting steps on what I can try next. Kinda urgent.
have you specified a password when creating the key/certificate? If not, just remove the
password = ... line. If you entered a password, you'll need to use
password = [password_you_defined]