Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Unable to use DBConnect when server.conf:requireClientCert=true

abonuccelli_spl
Splunk Employee
Splunk Employee
‎04-08-2014 04:03 AM

Hi,

as soon as I set

server.conf
[sslConfig]
requireClientCert = true

I can see these entries in splunkd.log:

Splunkd.log 
01-28-2014 13:31:55.120 +0100 ERROR TcpInputFd - SSL Error = error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate 
01-28-2014 13:31:55.120 +0100 ERROR TcpInputFd - ACCEPT_RESULT=-1 VERIFY_RESULT=0 
01-28-2014 13:31:55.120 +0100 ERROR TcpInputFd - SSL Error for fd from HOST:127.0.0.1, IP:127.0.0.1, PORT:47764

and DBConnect JBridge server stops working:

jbridge.log 
2014-01-28 13:31:53,894 DEBUG Starting JavaBridgeServer... 
2014-01-28 13:31:53,897 INFO Started JavaBridgeServer PID=9852 
2014-01-28 13:31:53,897 DEBUG starting pid watcher... 
2014-01-28 13:31:55,177 DEBUG Error waiting for process: Java process returned error code 1! Error: Initializing Splunk context... Environment: SplunkEnvironment{SPLUNK_HOME=/opt/splunk,SPLUNK_DB=/opt/splunk/var/lib/splunk} Configuring Log4j... Exception in thread "main" com.splunk.config.SplunkConfigurationException: IO Error while reading configuration from Splunkd: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:195) at com.splunk.config.rest.RESTAdapter.readConfig(RESTAdapter.java:203) at com.splunk.config.cache.CachedConfigurationAdapter.readConfig(CachedConfigurationAdapter.java:32) at com.splunk.config.cache.CachedConfigurationAdapter.readStanza(CachedConfigurationAdapter.java:40) at com.splunk.env.SplunkContext.getConfigStanza(SplunkContext.java:313) at com.splunk.env.SplunkContext.initialize(SplunkContext.java:128) at com.splunk.bridge.JavaBridgeServer.main(JavaBridgeServer.java:34) Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077) at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1705) at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:122) at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:972) at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1087) at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1006) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:285) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153) at com.splunk.rest.Splunkd.request(Splunkd.java:212) at com.splunk.rest.Splunkd.request(Splunkd.java:98) at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:193) ... 6 more 
2014-01-28 13:31:55,177 DEBUG JavaBridgeServer terminated

What is the problem?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

abonuccelli_spl
Splunk Employee
Splunk Employee
‎04-08-2014 04:05 AM

This config unfortunately not yet supported and code change is estimated to be delivered in next major version of DBConnect.

See also:
http://docs.splunk.com/Documentation/DBX/1.1.3/DeployDBX/Releasenotes#Known_issues

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

abonuccelli_spl
Splunk Employee
Splunk Employee
‎04-08-2014 04:05 AM

This config unfortunately not yet supported and code change is estimated to be delivered in next major version of DBConnect.

See also:
http://docs.splunk.com/Documentation/DBX/1.1.3/DeployDBX/Releasenotes#Known_issues

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

Happy CX Day, Splunk Community!

Happy CX Day, Splunk Community! CX stands for Customer Experience, and today, October 3rd, is CX Day — a ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...