Splunk Enterprise

Cannot make work TLS connections INDEXER-FORWARDERS.

AllandNothing
Engager

Hello, i have no clues, thanks for reading in advance:

In any case, right now, i can't open splunk web because it gives me 500 internal error and i found the critical point: server.conf, i just tried and if don't put nothing it works, but if i put any path it brokes everything.

Behind this problem there is that after writing the configurations files (i followed the splunk documentation strictly so...) the connection doesnt't work when i try to troubleshoot.

I will post my files here so i hope it should be more clear what i did:

inputs.conf on the index:

[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = /path/to/mycervercombinedfile.pem
sslPassword = mypass
requireClientCert = false

outputs.conf on the forwarders :

[tcpout]
defaultGroup = mygroup

[tcpout:mygroup]
server = index ip:9997
sslCertPath = path/to/my combinedservercert.pem
sslPassword = mypass
sslVerifyServerCert = true
useClientSSLCompression = true

server.conf on both index and forwarder:

[sslConfig]
sslPassword = mypass
sslRootCAPath = path/to/myCertAuthCertificate.pem

to putting something on web.conf i'm waiting to solve these internals problems before. I almost forgot to say that i do not think there is a problem with how i created the certificates, i repeated the process n times already and i followed the instructions; TheCaRootCert is the same that I shared with forwarders and index, then i created from this certificate, a separate one for all the servers involved and then i concatened them in one.

Thank so much for reading and i would appreciate receiving some advices on hot to proceed further, I'm going insane. 

P.S: Sorry for my english but i'm not a native speaker.

 

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...