Solved: Re: Getting mutiple issues when enabling ssl on Sp...

vtalanki · ‎04-20-2020

Hi All,

I want enable mTLS in splunk cluster on all the communication channels. I have peer certificate that works as both server and client.
Enabling ssl is successful when I set

requiredClientCert = false

in web.conf. However when I make requiredClientCert = true I am getting below errors

ERROR X509Verify - X509 certificate (CN=myCompanyCN) failed validation; error=19, reason="self signed certificate in certificate chain"
WARN  SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client certificate B', alert_description='unknown CA'.
WARN  HttpListener - Socket error from 127.0.0.1:60580 while idling: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed - please check the output of the `openssl verify` command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name.

Here are my conf files

server.conf

[sslConfig]
enableSplunkdSSL = true
useClientSSLCompression = true
sslVersions = tls1.2
serverCert = $SPLUNK_HOME/etc/auth/mycerts/peer-chain-with-key.pem <=== contains peer cert, key, intermediate certs, root CA cert in this order
caCertFile = $SPLUNK_HOME/etc/auth/mycerts/ca-chain.pem
sslVerifyServerCert = true
requireClientCert = true

web.conf

# Securing splunk web
enableSplunkWebSSL = true
privKeyPath = etc/auth/mycerts/peer-key.pem
serverCert = etc/auth/mycerts/peer-chain-cert-without-key.pem <==== contains peer cert, int certs & root CA cert in this order
sslVersions = tls1.2
requireClientCert = true

Any help please

vtalanki · ‎04-22-2020

This issue has been resolved when I use sslRootCAPath in web.conf instead of caCertFile

View solution in original post

Suirand1 · ‎01-14-2021

I suppose you wanted to say in "server.conf" instead of "web.conf". I do get these errors even after configurig sslRootCAPath in server.conf

mustapha_arakji · ‎03-07-2023

https://docs.splunk.com/Documentation/Splunk/9.0.0/admin/Webconf

sslRootCAPath = <path>
* The path to a root certificate authority (CA) certificate, in privacy-enhanced
  mail (PEM) format, that splunkd is to use to authenticate client certificates
  under certain specific conditions.
* Splunkd uses the certificate specified at the path defined in this setting only
  when both 'requireClientCert' and 'enableCertBasedUserAuth' have a value of "true".
* If this setting has no value, splunkd falls back to the value of the 'sslRootCAPath'
  setting in server.conf.
* If you have already configured 'sslRootCAPath' in server.conf, the value of this
  setting does not override the setting of the same name in server.conf.
* No default.

vtalanki · ‎04-22-2020

This issue has been resolved when I use sslRootCAPath in web.conf instead of caCertFile

How to get multiple issues when enabling ssl on Splunk web with 3rd party certs with requiredClientCert = true?

other

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)