Hi guys- I've created third party certificates for our splunk instance, using the splunk-provided documentation. My issue is when we go to restart splunk or the splunk web server, it seems to get hung up on starting the web server at 127.0.0.1:8000.
I've verified-
No password on the private key file (because splunk doesn't support it)
the certificate has no issues. I've verified this using open ssl s_client and s_server.
Tried using caCertPath instead of servercert in web.conf file. From googling, if you have upgraded from older versions of splunk, this can cause issues after upgrades. Unfortunately no dice here.
Can anyone assist?
Thank you.
Hi,
Can you checked _internal and web_service.log logs?
Hi p_gurav, they did not show any relevant information when we looked at them, which is one of the reasons I was perplexed. However, I did manage to stumble upon the answer in a random .conf webinar.
There is a line that needs added to web.conf that is not in the splunk documentation. When you switch to third party certificates, the http port has to be specified- using self signed certificates does not present this error for some reason.
In web.conf, under server.cert, I put httpport = 8000, and the server restarted with no issues, cert and all good to go.