Splunk Enterprise Security

Unable to connect to license master since certification modifications

securiteinforma
Explorer

Hello,
In order to make syslog communication through TLS work, I followed this procedure (https://docs.splunk.com/Documentation/Splunk/8.0.2/Security/Howtoself-signcertificates) on one node.
I backed up the original cacert.pem and copy the new root certificate just created to $SPLUNK_HOME/etc/auth/cacert.pem
I also copied the server certificate to $SPLUNK_HOME/etc/auth/server.pem and change the configuration in files $SPLUNK_HOME/etc/apps/launcher/local/inputs.conf and $SPLUNK_HOME/etc/system/local/server.conf

Since then, I have the error log :
ERROR LMTracker - failed to send rows, reason='Unable to connect to license master=https://xxx:8089 Error connecting: SSL not configured on client'
(xxx correspond to the license master server)

So I tried to restore original cacert.pem and server.pem but i still get the error.
I tried to connect to the license master through TLS with curl but I get an error (Peer's Certificate has expired)
I checked the license master certificate and it appears to be expired since one month.
But license verification is working from other Splunk nodes (on which I did not change root certificate) and curl too.
Also I am not able to renew this certificate as it is sign by the default root CA and I do not have the passphrase of the private key.

The connection to the web interface of this node does not work, I get an internal server error.

Could you please help me to figure out what is blocking the license verification?

Do not hesitate to tell me if you need more details.

Thanks in advance and have a nice day!

0 Karma

securiteinforma
Explorer

Reseting the default sslPassword in system/local/server.conf by deleting it and restarting splunk service solved this issue.

dtodd
Explorer

This worked for me as well, thanks!

Tags (1)
0 Karma

securiteinforma
Explorer

Second mistake, there is no passphrase for the private key of the Root CA nor for the server private key so I can renew the certificate.

0 Karma

securiteinforma
Explorer

But license verification is working from other Splunk nodes (on which I did not change root certificate) and curl too.
It is just about proxy configuration here.

0 Karma
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...