Splunk Enterprise

Why is using SSLconfig in server.conf is causing 500 internal error?

aamer86
Path Finder

Hi,

We have PKI infra using root and intermediate certificate servers 

 

I have setup SSL on server.conf and web.conf . using the same pem cert 

private key doesnt have password protection 

 

web.conf

 [settings]
privKeyPath = /opt/splunk/etc/auth/mycerts/server.key
serverCert = /opt/splunk/etc/auth/mycerts/server.pem
enableSplunkWebSSL = true
httpport = 443

server.conf 

[sslConfig]
sslRootCAPath = /opt/splunk/etc/auth/mycerts/root.pem
serverCert = /opt/splunk/etc/auth/mycerts/server.pem
sslPassword =

I am also using ldap integration over ssl 

when i enable sslconfig on server.conf I start getting slow splunk web and 500 internal errors 

when I disable sslConfigs Splunk web works find and my certificates are being recognized on the web browser 

 

Can you advise on what could be the cause of this behavior 

checking the logs I see the below Errors 

from splunkd.log 

07-22-2020 09:33:51.954 +0200 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/splunk_monitoring_console/bin/dmc_config.py" Socket error communicating with splunkd (error=('_ssl.c:726: The handshake operation timed out',)), path = /services/shcluster/config?output_mode=json

 

from web-service.log 

 

2020-07-22 09:35:57,816 ERROR [5f17ec3fc77f08942c2710] __init__:522 - Socket error communicating with splunkd (error=_ssl.c:1074: The handshake operation timed out), path = /services/server/info
2020-07-22 09:35:57,817 INFO [5f17ec3fc77f08942c2710] startup:139 - Splunk appserver version=UNKNOWN_VERSION build=000 isFree=False isTrial=True
2020-07-22 09:35:57,818 INFO [5f17ec3fc77f08942c2710] decorators:272 - require_login - no splunkd sessionKey variable set; request_path=/en-US/
2020-07-22 09:35:57,818 INFO [5f17ec3fc77f08942c2710] decorators:280 - require_login - redirecting to login
2020-07-22 09:36:27,994 ERROR [5f17ec5df57f08942c8510] __init__:522 - Socket error communicating with splunkd (error=_ssl.c:1074: The handshake operation timed out), path = /services/server/info

 

 

 

Labels (2)
Tags (2)

jamaluddin-khan
Engager

Hi,
Please let me know if you were able to resolve the issue. I am facing quiet the same issue.

Thank you in advance.

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Hi,

Have you tried to encrypt private key with password and then set sslPassword in server.conf

 

In addition serverCert = /opt/splunk/etc/auth/mycerts/server.pem must contain certificate, private key and intermediate/root CA, have a look at https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/HowtoprepareyoursignedcertificatesforSpl...

0 Karma
Get Updates on the Splunk Community!

New Splunk Observability innovations: Deeper visibility and smarter alerting to ...

You asked, we delivered. Splunk Observability Cloud has several new innovations giving you deeper visibility ...

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...