Splunk Enterprise Security

Unable to connect to license master since certification modifications

securiteinforma
Explorer

Hello,
In order to make syslog communication through TLS work, I followed this procedure (https://docs.splunk.com/Documentation/Splunk/8.0.2/Security/Howtoself-signcertificates) on one node.
I backed up the original cacert.pem and copy the new root certificate just created to $SPLUNK_HOME/etc/auth/cacert.pem
I also copied the server certificate to $SPLUNK_HOME/etc/auth/server.pem and change the configuration in files $SPLUNK_HOME/etc/apps/launcher/local/inputs.conf and $SPLUNK_HOME/etc/system/local/server.conf

Since then, I have the error log :
ERROR LMTracker - failed to send rows, reason='Unable to connect to license master=https://xxx:8089 Error connecting: SSL not configured on client'
(xxx correspond to the license master server)

So I tried to restore original cacert.pem and server.pem but i still get the error.
I tried to connect to the license master through TLS with curl but I get an error (Peer's Certificate has expired)
I checked the license master certificate and it appears to be expired since one month.
But license verification is working from other Splunk nodes (on which I did not change root certificate) and curl too.
Also I am not able to renew this certificate as it is sign by the default root CA and I do not have the passphrase of the private key.

The connection to the web interface of this node does not work, I get an internal server error.

Could you please help me to figure out what is blocking the license verification?

Do not hesitate to tell me if you need more details.

Thanks in advance and have a nice day!

0 Karma

securiteinforma
Explorer

Reseting the default sslPassword in system/local/server.conf by deleting it and restarting splunk service solved this issue.

dtodd
Explorer

This worked for me as well, thanks!

Tags (1)
0 Karma

securiteinforma
Explorer

Second mistake, there is no passphrase for the private key of the Root CA nor for the server private key so I can renew the certificate.

0 Karma

securiteinforma
Explorer

But license verification is working from other Splunk nodes (on which I did not change root certificate) and curl too.
It is just about proxy configuration here.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...