Why is the web service is stuck on 127.0.0.1 with ...

cpierce26 · ‎03-12-2018

Hi guys- I've created third party certificates for our splunk instance, using the splunk-provided documentation. My issue is when we go to restart splunk or the splunk web server, it seems to get hung up on starting the web server at 127.0.0.1:8000.

I've verified-
No password on the private key file (because splunk doesn't support it)
the certificate has no issues. I've verified this using open ssl s_client and s_server.
Tried using caCertPath instead of servercert in web.conf file. From googling, if you have upgraded from older versions of splunk, this can cause issues after upgrades. Unfortunately no dice here.

Can anyone assist?

Thank you.

p_gurav · ‎03-13-2018

Hi,

Can you checked _internal and web_service.log logs?

cpierce26 · ‎03-13-2018

Hi p_gurav, they did not show any relevant information when we looked at them, which is one of the reasons I was perplexed. However, I did manage to stumble upon the answer in a random .conf webinar.

There is a line that needs added to web.conf that is not in the splunk documentation. When you switch to third party certificates, the http port has to be specified- using self signed certificates does not present this error for some reason.

In web.conf, under server.cert, I put httpport = 8000, and the server restarted with no issues, cert and all good to go.

Why is the web service is stuck on 127.0.0.1 with third party certificates creation?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes