Hi there
Versions: splunk enterprise 9.0.4.1, splunk db connect 3.12.2
We are trying to secure splunk enterprise 9 with certificates.
Everything runs almost fine (web, forwarders indexers).
But splunk db does not come up, when requireClientCert=true in server.conf.
Logs says "peer did not return a certificate". Details below.
Message in the UI: "('Unable to communicate with Splunkd. If you enable requireClientCert please make sure certs folder contains privkey.pem and cert.pem files. Also make sure cert.pem has been signed by the root CA used by Splunkd.',)"
We provided the files (used the names like above) in ../splunk/etc/apps/splunk_app_db_connect/certs.
It didn't make a change.
Has anyone got this configuration up and running?
Kind Regards
Elmar
Log details:
04-26-2023 15:12:48.732 +0200 INFO ExecProcessor [3581394 ExecProcessor] - message from "/opt/splunk/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.sh" action=start_dbxquery_server, configFile=/opt/splunk/splunk/etc/apps/splunk_app_db_connect/config/dbxquery_server.yml
04-26-2023 15:12:48.732 +0200 INFO TailReader [3581482 tailreader0] - Batch input finished reading file='/opt/splunk/splunk/var/spool/splunk/tracker.log'
04-26-2023 15:12:48.895 +0200 INFO ExecProcessor [3581394 ExecProcessor] - message from "/opt/splunk/splunk/etc/apps/splunk_app_db_connect/bin/server.sh" action=start_task_server, configFile=/opt/splunk/splunk/etc/apps/splunk_app_db_connect/config/dbx_task_server.yml
04-26-2023 15:12:49.372 +0200 WARN SSLCommon [3581489 HttpDedicatedIoThread-0] - Received fatal SSL3 alert. ssl_state='error', alert_description='handshake failure'.
04-26-2023 15:12:49.373 +0200 WARN HttpListener [3581489 HttpDedicatedIoThread-0] - Socket error from 127.0.0.1:33298 while idling: error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate