Splunk Enterprise Security

Getting mutiple issues when enabling ssl on Splunk web with 3rd party certs with requiredClientCert = true

vtalanki
Path Finder

Hi All,

I want enable mTLS in splunk cluster on all the communication channels. I have peer certificate that works as both server and client.
Enabling ssl is successful when I set

requiredClientCert = false

in web.conf. However when I make requiredClientCert = true I am getting below errors

ERROR X509Verify - X509 certificate (CN=myCompanyCN) failed validation; error=19, reason="self signed certificate in certificate chain"
WARN  SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client certificate B', alert_description='unknown CA'.
WARN  HttpListener - Socket error from 127.0.0.1:60580 while idling: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed - please check the output of the `openssl verify` command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name.

Here are my conf files

server.conf

[sslConfig]
enableSplunkdSSL = true
useClientSSLCompression = true
sslVersions = tls1.2
serverCert = $SPLUNK_HOME/etc/auth/mycerts/peer-chain-with-key.pem <=== contains peer cert, key, intermediate certs, root CA cert in this order
caCertFile = $SPLUNK_HOME/etc/auth/mycerts/ca-chain.pem
sslVerifyServerCert = true
requireClientCert = true

web.conf

# Securing splunk web
enableSplunkWebSSL = true
privKeyPath = etc/auth/mycerts/peer-key.pem
serverCert = etc/auth/mycerts/peer-chain-cert-without-key.pem <==== contains peer cert, int certs & root CA cert in this order
sslVersions = tls1.2
requireClientCert = true

Any help please

0 Karma
1 Solution

vtalanki
Path Finder

This issue has been resolved when I use sslRootCAPath in web.conf instead of caCertFile

View solution in original post

Suirand1
Loves-to-Learn Everything

I suppose you wanted to say in "server.conf" instead of "web.conf". I do get these errors even after configurig sslRootCAPath  in server.conf

0 Karma

vtalanki
Path Finder

This issue has been resolved when I use sslRootCAPath in web.conf instead of caCertFile

View solution in original post