I want to enable mTLS in a Splunk cluster on all the communication channels. I have a peer certificate that works as both server and client.
Enabling SSL is successful when I set
requiredClientCert = false
in web.conf. However, when I make requiredClientCert = true, I get the errors below:
ERROR X509Verify - X509 certificate (CN=myCompanyCN) failed validation; error=19, reason="self signed certificate in certificate chain"
WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client certificate B', alert_description='unknown CA'.
WARN HttpListener - Socket error from 127.0.0.1:60580 while idling: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed - please check the output of the `openssl verify` command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name.
Here are my conf files
[sslConfig]
enableSplunkdSSL = true
useClientSSLCompression = true
sslVersions = tls1.2
# contains peer cert, key, intermediate certs, root CA cert in this order
serverCert = $SPLUNK_HOME/etc/auth/mycerts/peer-chain-with-key.pem
caCertFile = $SPLUNK_HOME/etc/auth/mycerts/ca-chain.pem
sslVerifyServerCert = true
requireClientCert = true

# Securing splunk web
enableSplunkWebSSL = true
privKeyPath = etc/auth/mycerts/peer-key.pem
# contains peer cert, int certs & root CA cert in this order
serverCert = etc/auth/mycerts/peer-chain-cert-without-key.pem
sslVersions = tls1.2
requireClientCert = true
Any help please
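
The log message above points at `openssl verify`. As an added example (not part of the original post, and not a diagnosis of the poster's files), the script below builds a constructed root, intermediate and peer chain and shows that error 19 appears when the presented chain ends in a self-signed root that the verifier's CA file does not contain, while the same chain verifies once that root is trusted. All CNs, file names and function names are made up for the demo.

```bash
# Constructed demo PKI: root -> intermediate -> peer, plus an unrelated root.
# All names, CNs and paths here are made up for this example.
D=$(mktemp -d)
cat > "$D/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

new_root() {    # $1 = file stem, $2 = CN; writes a self-signed CA certificate
  openssl req -x509 -config "$D/ca.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
    -keyout "$D/$1.key" -out "$D/$1.pem" -subj "/CN=$2" -days 2 2>/dev/null
}

new_signed() {  # $1 = stem, $2 = CN, $3 = issuer stem, rest = extra x509 options
  stem=$1; cn=$2; issuer=$3; shift 3
  openssl req -new -config "$D/ca.cnf" -newkey rsa:2048 -nodes \
    -keyout "$D/$stem.key" -out "$D/$stem.csr" -subj "/CN=$cn" 2>/dev/null
  openssl x509 -req -in "$D/$stem.csr" -CA "$D/$issuer.pem" -CAkey "$D/$issuer.key" \
    -CAcreateserial -days 2 -out "$D/$stem.pem" "$@" 2>/dev/null
}

verify_code() { # $1 = CA file the verifier trusts, $2 = chain the peer presents
  if out=$(openssl verify -CAfile "$1" -untrusted "$2" "$D/peer.pem" 2>&1); then
    echo 0
  else
    printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
  fi
}

new_root root "Constructed Root CA"
new_root other "Unrelated Root CA"
new_signed int "Constructed Intermediate CA" root -extfile "$D/ca.cnf" -extensions v3_ca
new_signed peer "peer.example.test" int
# What the peer presents: intermediates plus the root, like the chain files in the post.
cat "$D/int.pem" "$D/root.pem" > "$D/presented.pem"

echo "trust store lacks the issuing root -> error $(verify_code "$D/other.pem" "$D/presented.pem")"
echo "trust store holds the issuing root -> error $(verify_code "$D/root.pem" "$D/presented.pem")"
```

Running the same `openssl verify` command with the real CA file as `-CAfile` and the chain the client actually presents as `-untrusted` shows which of the two cases applies.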