Splunk Enterprise

Why is using SSLconfig in server.conf is causing 500 internal error?

Path Finder


We have PKI infra using root and intermediate certificate servers 


I have setup SSL on server.conf and web.conf . using the same pem cert 

private key doesnt have password protection 



privKeyPath = /opt/splunk/etc/auth/mycerts/server.key
serverCert = /opt/splunk/etc/auth/mycerts/server.pem
enableSplunkWebSSL = true
httpport = 443


sslRootCAPath = /opt/splunk/etc/auth/mycerts/root.pem
serverCert = /opt/splunk/etc/auth/mycerts/server.pem
sslPassword =

I am also using ldap integration over ssl 

when i enable sslconfig on server.conf I start getting slow splunk web and 500 internal errors 

when I disable sslConfigs Splunk web works find and my certificates are being recognized on the web browser 


Can you advise on what could be the cause of this behavior 

checking the logs I see the below Errors 

from splunkd.log 

07-22-2020 09:33:51.954 +0200 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/splunk_monitoring_console/bin/dmc_config.py" Socket error communicating with splunkd (error=('_ssl.c:726: The handshake operation timed out',)), path = /services/shcluster/config?output_mode=json


from web-service.log 


2020-07-22 09:35:57,816 ERROR [5f17ec3fc77f08942c2710] __init__:522 - Socket error communicating with splunkd (error=_ssl.c:1074: The handshake operation timed out), path = /services/server/info
2020-07-22 09:35:57,817 INFO [5f17ec3fc77f08942c2710] startup:139 - Splunk appserver version=UNKNOWN_VERSION build=000 isFree=False isTrial=True
2020-07-22 09:35:57,818 INFO [5f17ec3fc77f08942c2710] decorators:272 - require_login - no splunkd sessionKey variable set; request_path=/en-US/
2020-07-22 09:35:57,818 INFO [5f17ec3fc77f08942c2710] decorators:280 - require_login - redirecting to login
2020-07-22 09:36:27,994 ERROR [5f17ec5df57f08942c8510] __init__:522 - Socket error communicating with splunkd (error=_ssl.c:1074: The handshake operation timed out), path = /services/server/info




Labels (2)
Tags (2)


Please let me know if you were able to resolve the issue. I am facing quiet the same issue.

Thank you in advance.

0 Karma



Have you tried to encrypt private key with password and then set sslPassword in server.conf


In addition serverCert = /opt/splunk/etc/auth/mycerts/server.pem must contain certificate, private key and intermediate/root CA, have a look at https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/HowtoprepareyoursignedcertificatesforSpl...

0 Karma
Get Updates on the Splunk Community!

New Splunk Observability innovations: Deeper visibility and smarter alerting to ...

You asked, we delivered. Splunk Observability Cloud has several new innovations giving you deeper visibility ...

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...