
Setting requireClientCert = true in server.conf prevents the CLI from communicating with splunkd

hexx
Splunk Employee

In server.conf.spec, it is indicated that requireClientCert = true can be set to require HTTPS clients connecting to splunkd to present a certificate signed by the CA whose public certificate we define in caCertFile in server.conf.spec:

requireClientCert = [true|false]

Requires that any HTTPS client that connects to splunkd's internal HTTPS server has a certificate that was signed by our certificate authority.
Used by distributed search: Splunk indexing instances must be authenticated to connect to another splunk indexing instance.
Used by distributed deployment: The deployment server requires that deployment clients are authenticated before allowing them to poll for new configurations/applications.
If true, a client can connect ONLY if a certificate created by our certificate authority was used on that client.
Default is false

However, this appears to break communication between the CLI and splunkd:

[root@hostname local]# splunk login
Splunk username: admin
Password:
Couldn't get auth token: Couldn't complete HTTP request:
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

From web_service.log:

SplunkdConnectionException: Splunkd daemon is not responding: ('[Errno 1] _ssl.c:485: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure',)
2011-04-14 14:19:22,335 ERROR [4da73aaa551ece7d0] startup:52 - Unable to read in product version information; Splunkd daemon is not responding: ('[Errno 1] _ssl.c:485: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure',)
2011-04-14 14:19:22,336 ERROR [4da73aaa551ece7d0] decorators:361 - Splunkd daemon is not responding: ('[Errno 1] _ssl.c:485:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure',)
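An added triage example (not part of the original post, and not Splunk code): it decodes the packed OpenSSL 1.0.x error code in the lines above to show that `14094410` records a fatal `handshake_failure` alert sent by the peer, here splunkd, which is consistent with the server refusing a client that presented no certificate. The function names are hypothetical and the third sample line is constructed for contrast.

```python
import re

# OpenSSL 1.0.x packs an error code as lib (8 bits) | func (12 bits) | reason (12 bits).
ERR_LIB_SSL = 0x14
SSL_AD_REASON_OFFSET = 1000  # SSL reasons >= 1000 are 1000 + the TLS alert number received

# Subset of TLS alert descriptions (RFC 5246, section 7.2).
ALERTS = {40: "handshake_failure", 42: "bad_certificate",
          46: "certificate_unknown", 48: "unknown_ca"}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^',)]+)")

def decode_openssl_error(line):
    """Return a dict describing the first OpenSSL 1.0.x error in line, or None."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "func": func, "reason": reason,
            "routine": m.group(3), "text": m.group(4).strip(),
            "peer_alert": alert, "alert_name": ALERTS.get(alert)}

def rejected_by_peer(line):
    """True when the error records a fatal alert received from the remote side."""
    info = decode_openssl_error(line)
    return bool(info and info["peer_alert"] is not None)

SAMPLE = [
    # Copied from the CLI output and web_service.log in the post.
    "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure",
    "SplunkdConnectionException: Splunkd daemon is not responding: "
    "('[Errno 1] _ssl.c:485: error:14094410:SSL routines:SSL3_READ_BYTES:"
    "sslv3 alert handshake failure',)",
    # Constructed contrast: a failure raised locally by the client, no alert received.
    "error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed",
]

if __name__ == "__main__":
    for line in SAMPLE:
        info = decode_openssl_error(line)
        side = "alert from peer" if rejected_by_peer(line) else "local error"
        print(f"{info['routine']}: reason={info['reason']} ({side}) {info['alert_name'] or ''}")
```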

1 Solution

hexx
Splunk Employee

Because the CLI cannot be configured to present an SSL certificate, setting requireClientCert = true in server.conf does indeed break its ability to communicate with splunkd.

As of Splunk 4.3, this has been filed as bug SPL-47585.

abhullar_splunk
Splunk Employee

There is a new bug filed as bug SPL-122988 for version 6.4.1 of Splunk

psow_splunk
Splunk Employee

Just an update that the issue on the communication being broken when authenticating the client cert has been fixed on Splunk 5.X

kenson
Explorer

The best workaround for this issue I've found is to proxy your request through socat like so:

socat TCP-LISTEN:1212,fork,reuseaddr  OPENSSL-CONNECT:somesplunk-instance:8089,verify=0,cert=somecert.pem

And then calling splunk like so:

./bin/splunk list monitor -uri http://localhost:1212

hexx
Splunk Employee

Nice work-around! Thank you for sharing it.

moliminous
Path Finder

It is 12 years later, and this is still an issue.

You cannot set 'requireClientCert=true' in server.conf on, for example, a Deployment Server, and have a working Web UI on that Deployment Server. 

Setting 'requireClientCert=true' in server.conf still breaks the Web UI in late November 2024.

PickleRick
SplunkTrust

As you can see in the comments in this thread, this bug was fixed ages ago. Then another one popped up and was fixed. If you still have a problem with this functionality, you might have encountered yet another bug. Just raise a case with support please.

moliminous
Path Finder

I don't think I can as a partner, but I frequently submit changes to their docs and post in Slack
