Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Why am I getting an error in splunkd.log when setting up Splunk Port 9997 SSL

JarrettM
Path Finder
‎03-07-2019 09:42 AM

Attempting to set up new Splunk 7.2.4.2 server on Redhat 7 using our own cert. Splunk web works fine with https using our cert. Configured inputs.conf and server.conf to allow ssl for receiving from forwarders. Get the following ERROR in splunkd.log:

TcpInputConfig - SSL context not found. Will not open splunk to splunk (SSL) IPv4 port 9997

inputs.conf and server.conf are as follows:

inputs.conf

[default]
host = myserver.com

[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/mycert.pem
sslPassword = mypassword
requireClientCert = false

server.conf

[general]
serverName = myserver.com
pass4SymmKey = symmkey

[sslConfig]
sslRootCAPath = $SPLUNK_HOME/etc/auth/rootcert.pem

Also perhaps a related issue?

 ERROR IntrospectionGenerator:resource_usage -  KVStoreConfigurationProvider - Unable to read an X509 cert from '' file

Thanks!

0 Karma
Reply

cvssravan
Path Finder
‎03-07-2019 10:32 AM

Looking at this specific error:
ERROR IntrospectionGenerator:resource_usage - KVStoreConfigurationProvider - Unable to read an X509 cert from '' file.

It seems like the file was not found. Make sure the $SPLUNK_HOME variable is set and verify the cert file in the specified path and try again.

0 Karma
Reply

JarrettM
Path Finder
‎03-07-2019 11:11 AM

Seems like it must be set and the cert file is in the path because my web.conf uses $SPLUNK_HOME with the same cert and it works:

web.conf

[settings]
enableSplunkWebSSL = 1
privKeyPath = $SPLUNK_HOME/etc/auth/mykey.pem
serverCert = $SPLUNK_HOME/etc/auth/mycert.pem
httpport = 8000

mgmtHostPort = 127.0.0.1:8089
appServerPorts = 8065

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...