Security

Why am I getting an error in splunkd.log when setting up Splunk Port 9997 SSL

JarrettM
Path Finder

Attempting to set up new Splunk 7.2.4.2 server on Redhat 7 using our own cert. Splunk web works fine with https using our cert. Configured inputs.conf and server.conf to allow ssl for receiving from forwarders. Get the following ERROR in splunkd.log:

TcpInputConfig - SSL context not found. Will not open splunk to splunk (SSL) IPv4 port 9997

inputs.conf and server.conf are as follows:

inputs.conf

[default]
host = myserver.com

[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/mycert.pem
sslPassword = mypassword
requireClientCert = false

server.conf

[general]
serverName = myserver.com
pass4SymmKey = symmkey

[sslConfig]
sslRootCAPath = $SPLUNK_HOME/etc/auth/rootcert.pem

Also perhaps a related issue?

 ERROR IntrospectionGenerator:resource_usage -  KVStoreConfigurationProvider - Unable to read an X509 cert from '' file

Thanks!

0 Karma

cvssravan
Path Finder

Looking at this specific error:
ERROR IntrospectionGenerator:resource_usage - KVStoreConfigurationProvider - Unable to read an X509 cert from '' file.

It seems like the file was not found. Make sure the $SPLUNK_HOME variable is set and verify the cert file in the specified path and try again.

0 Karma

JarrettM
Path Finder

Seems like it must be set and the cert file is in the path because my web.conf uses $SPLUNK_HOME with the same cert and it works:

web.conf

[settings]
enableSplunkWebSSL = 1
privKeyPath = $SPLUNK_HOME/etc/auth/mykey.pem
serverCert = $SPLUNK_HOME/etc/auth/mycert.pem
httpport = 8000

mgmtHostPort = 127.0.0.1:8089
appServerPorts = 8065

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...