Hello,

In the first one I tested the OS's OpenSSL and with the command you mentioned, I get the following response: read:errno=0.

Quite often OS openssl didn't work correctly as there could be some version conflicts and missing libraries etc. if your PATH and LD_LIBRARY_PATH is incorrectly set. For that reason I always use Splunk's openssl version.

Basically that means that you can read it, but for some reason it cannot get any real answer. Just read and response is OK (errno=0).

You could also try curl -vk https://host:port to try if this get more information?

I think that you have some issues with your TLS settings on your configuration.

Could you tell exactly what you have tied to achieve and what you have done?
Add also all those *.conf files inside </> blocks with masked **** passwords etc.

Have you look this instructions: https://conf.splunk.com/files/2023/slides/SEC1936B.pdf this presentation is excellent bootcamp for use TLS with Splunk.

Hello,

I ran the following command: curl -vk https://host:port
and received this :

*   Trying host:port...
* Connected to host (host) port port (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=*.example.com
*  start date: Feb 19 15:15:40 2024 GMT
*  expire date: Jan 19 14:02:43 2025 GMT
*  issuer: C=*; ST=*; L=*; O=SSL Corporation; CN=
*  SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/1.1
> Host: host:port
> User-Agent: curl/7.81.0
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Sun, 6 Jan 2025 08:30:21 GMT
< Content-Type: text/xml; charset=UTF-8
< X-Content-Type-Options: nosniff
< Content-Length: 1994
< Connection: Keep-Alive
< X-Frame-Options: SAMEORIGIN
< Server: Splunkd
<
* TLSv1.2 (IN), TLS header, Supplemental data (23):
<?xml version="1.0" encoding="UTF-8"?>
<!--This is to override browser formatting; see server.conf[httpServer] to disable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .-->
<?xml-stylesheet type="text/xml" href="/static/atom.xsl"?>

  <title>splunkd</title>

  <updated>2025-01-06T09:30:21+01:00</updated>
  <generator build="d8bb32809498" version="9.3.2"/>
  <author>
    <name>Splunk</name>
  </author>
  <entry>
    <title>services</title>

    <updated>1970-01-01T01:00:00+01:00</updated>
    <link href="/services" rel="alternate"/>
  </entry>
  <entry>
    <title>servicesNS</title>

    <updated>1970-01-01T01:00:00+01:00</updated>
    <link href="/servicesNS" rel="alternate"/>
  </entry>
  <entry>
    <title>static</title>
    
    <updated>1970-01-01T01:00:00+01:00</updated>
    <link href="/static" rel="alternate"/>
  </entry>
</feed>
* Connection #0 to host host left intact
 

For security reasons some fields have been removed/changed.

How about those configuration files?
This was connection to management port like 8089?
Are you trying to use self signed certificates for all needed ports (web, mgmt, s2s etc.)?

Hello,

The configuration files contain the following:

[sslConfig]
enableSplunkdSSL = true
sslPassword = value
sslRootCAPath = /path/to/ca/cert
serverCert = /path/to/srv/cert
caTrustStore = splunk
caTrustStorePath = path/to/trust/ca
caPath = path/to/trust/c
caCertFile = path/to./ca

Yes, the connection was to the management port.

The self-signed certificate was only for the web interface (and I have no issues regarding that).

However, the problem lies between the components of the architecture.

Check the logs on the receiving end (the server you're connecting to). You can dump the traffic and check if the TLS negotiation is happening properly but I suspect it does up to a point when you're getting refused by the receiving end. But the question is why and that should be in your splunkd.log.