Why did Splunk db connect requireClientCert "peer did not return a certificate"?

New Member

Hi there
Versions: splunk enterprise, splunk db connect 3.12.2 
We are trying to secure splunk enterprise 9 with certificates.
Everything runs almost fine (web, forwarders indexers).
But splunk db does not come up, when requireClientCert=true in server.conf.
Logs says "peer did not return a certificate". Details below.
Message in the UI: "('Unable to communicate with Splunkd. If you enable requireClientCert please make sure certs folder contains privkey.pem and cert.pem files. Also make sure cert.pem has been signed by the root CA used by Splunkd.',)"
We provided the files (used the names like above) in ../splunk/etc/apps/splunk_app_db_connect/certs.
It didn't make a change.

Has anyone got this configuration up and running?

Kind Regards


Log details:
04-26-2023 15:12:48.732 +0200 INFO ExecProcessor [3581394 ExecProcessor] - message from "/opt/splunk/splunk/etc/apps/splunk_app_db_connect/bin/" action=start_dbxquery_server, configFile=/opt/splunk/splunk/etc/apps/splunk_app_db_connect/config/dbxquery_server.yml
04-26-2023 15:12:48.732 +0200 INFO TailReader [3581482 tailreader0] - Batch input finished reading file='/opt/splunk/splunk/var/spool/splunk/tracker.log'
04-26-2023 15:12:48.895 +0200 INFO ExecProcessor [3581394 ExecProcessor] - message from "/opt/splunk/splunk/etc/apps/splunk_app_db_connect/bin/" action=start_task_server, configFile=/opt/splunk/splunk/etc/apps/splunk_app_db_connect/config/dbx_task_server.yml
04-26-2023 15:12:49.372 +0200 WARN SSLCommon [3581489 HttpDedicatedIoThread-0] - Received fatal SSL3 alert. ssl_state='error', alert_description='handshake failure'.
04-26-2023 15:12:49.373 +0200 WARN HttpListener [3581489 HttpDedicatedIoThread-0] - Socket error from while idling: error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...

Starting With Observability: OpenTelemetry Best Practices

Tech Talk Starting With Observability: OpenTelemetry Best Practices Tuesday, October 17, 2023   |  11AM PST / ...