Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why am I getting an error in splunkd.log when setting up Splunk Port 9997 SSL

JarrettM
Path Finder
‎03-07-2019 09:42 AM

Attempting to set up new Splunk 7.2.4.2 server on Redhat 7 using our own cert. Splunk web works fine with https using our cert. Configured inputs.conf and server.conf to allow ssl for receiving from forwarders. Get the following ERROR in splunkd.log:

TcpInputConfig - SSL context not found. Will not open splunk to splunk (SSL) IPv4 port 9997

inputs.conf and server.conf are as follows:

inputs.conf

[default]
host = myserver.com

[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/mycert.pem
sslPassword = mypassword
requireClientCert = false

server.conf

[general]
serverName = myserver.com
pass4SymmKey = symmkey

[sslConfig]
sslRootCAPath = $SPLUNK_HOME/etc/auth/rootcert.pem

Also perhaps a related issue?

 ERROR IntrospectionGenerator:resource_usage -  KVStoreConfigurationProvider - Unable to read an X509 cert from '' file

Thanks!

0 Karma
Reply

cvssravan
Path Finder
‎03-07-2019 10:32 AM

Looking at this specific error:
ERROR IntrospectionGenerator:resource_usage - KVStoreConfigurationProvider - Unable to read an X509 cert from '' file.

It seems like the file was not found. Make sure the $SPLUNK_HOME variable is set and verify the cert file in the specified path and try again.

0 Karma
Reply

JarrettM
Path Finder
‎03-07-2019 11:11 AM

Seems like it must be set and the cert file is in the path because my web.conf uses $SPLUNK_HOME with the same cert and it works:

web.conf

[settings]
enableSplunkWebSSL = 1
privKeyPath = $SPLUNK_HOME/etc/auth/mykey.pem
serverCert = $SPLUNK_HOME/etc/auth/mycert.pem
httpport = 8000

mgmtHostPort = 127.0.0.1:8089
appServerPorts = 8065

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...
Top