Security

Why is the web service is stuck on 127.0.0.1 with third party certificates creation?

cpierce26
New Member

Hi guys- I've created third party certificates for our splunk instance, using the splunk-provided documentation. My issue is when we go to restart splunk or the splunk web server, it seems to get hung up on starting the web server at 127.0.0.1:8000.

I've verified-
No password on the private key file (because splunk doesn't support it)
the certificate has no issues. I've verified this using open ssl s_client and s_server.
Tried using caCertPath instead of servercert in web.conf file. From googling, if you have upgraded from older versions of splunk, this can cause issues after upgrades. Unfortunately no dice here.

Can anyone assist?

Thank you.

0 Karma

p_gurav
Champion

Hi,

Can you checked _internal and web_service.log logs?

0 Karma

cpierce26
New Member

Hi p_gurav, they did not show any relevant information when we looked at them, which is one of the reasons I was perplexed. However, I did manage to stumble upon the answer in a random .conf webinar.

There is a line that needs added to web.conf that is not in the splunk documentation. When you switch to third party certificates, the http port has to be specified- using self signed certificates does not present this error for some reason.

In web.conf, under server.cert, I put httpport = 8000, and the server restarted with no issues, cert and all good to go.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...