Splunk Enterprise

Why is using sslConfig in server.conf causing a 500 internal error?

aamer86
Path Finder

Hi,

We have PKI infra using root and intermediate certificate servers.

I have set up SSL in server.conf and web.conf, using the same PEM cert.

The private key doesn't have password protection.

web.conf

[settings]
privKeyPath = /opt/splunk/etc/auth/mycerts/server.key
serverCert = /opt/splunk/etc/auth/mycerts/server.pem
enableSplunkWebSSL = true
httpport = 443

server.conf 

[sslConfig]
sslRootCAPath = /opt/splunk/etc/auth/mycerts/root.pem
serverCert = /opt/splunk/etc/auth/mycerts/server.pem
sslPassword =

I am also using LDAP integration over SSL.

When I enable sslConfig in server.conf, I start getting slow Splunk Web and 500 internal errors.

When I disable sslConfig, Splunk Web works fine and my certificates are being recognized in the web browser.

Can you advise on what could be the cause of this behavior?

Checking the logs, I see the errors below.

From splunkd.log:

07-22-2020 09:33:51.954 +0200 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/splunk_monitoring_console/bin/dmc_config.py" Socket error communicating with splunkd (error=('_ssl.c:726: The handshake operation timed out',)), path = /services/shcluster/config?output_mode=json

 

From web-service.log:

2020-07-22 09:35:57,816 ERROR [5f17ec3fc77f08942c2710] __init__:522 - Socket error communicating with splunkd (error=_ssl.c:1074: The handshake operation timed out), path = /services/server/info
2020-07-22 09:35:57,817 INFO [5f17ec3fc77f08942c2710] startup:139 - Splunk appserver version=UNKNOWN_VERSION build=000 isFree=False isTrial=True
2020-07-22 09:35:57,818 INFO [5f17ec3fc77f08942c2710] decorators:272 - require_login - no splunkd sessionKey variable set; request_path=/en-US/
2020-07-22 09:35:57,818 INFO [5f17ec3fc77f08942c2710] decorators:280 - require_login - redirecting to login
2020-07-22 09:36:27,994 ERROR [5f17ec5df57f08942c8510] __init__:522 - Socket error communicating with splunkd (error=_ssl.c:1074: The handshake operation timed out), path = /services/server/info

jamaluddin-khan
Engager

Hi,
Please let me know if you were able to resolve the issue. I am facing quite the same issue.

Thank you in advance.

0 Karma

harsmarvania57
Ultra Champion

Hi,

Have you tried to encrypt the private key with a password and then set sslPassword in server.conf?

In addition, serverCert = /opt/splunk/etc/auth/mycerts/server.pem must contain the certificate, private key and intermediate/root CA; have a look at https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/HowtoprepareyoursignedcertificatesforSpl...

0 Karma
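
An added example (not part of the thread and not Splunk tooling): a Python check that a combined serverCert PEM holds the three kinds of block listed in the answer above, and that an encrypted key has an sslPassword to go with it. The expected block order (certificate, private key, CA chain) follows the order in which the answer lists them and is an assumption, as are the function name and the constructed sample inputs.

```python
import re

# One PEM block: captures the label (e.g. CERTIFICATE) and the body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def audit_server_pem(text, ssl_password=""):
    """Return findings for a combined serverCert PEM; an empty list means OK."""
    blocks = PEM_BLOCK.findall(text)
    labels = [label for label, _ in blocks]
    certs = [i for i, lab in enumerate(labels) if lab == "CERTIFICATE"]
    keys = [i for i, lab in enumerate(labels) if lab.endswith("PRIVATE KEY")]
    findings = []
    if not certs:
        findings.append("no server certificate")
    if not keys:
        findings.append("no private key")
    if len(certs) == 1:
        findings.append("no intermediate/root CA certificate")
    # Assumed order (from the answer's wording): certificate, key, CA chain.
    if certs and keys and (certs[0] != 0 or keys[0] != 1):
        findings.append("unexpected block order")
    for i in keys:
        label, body = blocks[i]
        # PKCS#8 marks encryption in the label, traditional PEM in a header.
        encrypted = (label == "ENCRYPTED PRIVATE KEY"
                     or "Proc-Type: 4,ENCRYPTED" in body)
        if encrypted and not ssl_password:
            findings.append("private key is encrypted but sslPassword is empty")
    return findings

def _block(label, body="Q09OU1RSVUNURUQ="):
    # Constructed placeholder body, not real certificate or key material.
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample inputs.
CERT_ONLY = _block("CERTIFICATE")
COMBINED = _block("CERTIFICATE") + _block("PRIVATE KEY") + _block("CERTIFICATE")
COMBINED_ENC = (_block("CERTIFICATE") + _block("ENCRYPTED PRIVATE KEY")
                + _block("CERTIFICATE"))
LEGACY_ENC = (_block("CERTIFICATE")
              + _block("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\n\nQ09OU1Q=")
              + _block("CERTIFICATE"))

if __name__ == "__main__":
    for name in ("CERT_ONLY", "COMBINED", "COMBINED_ENC", "LEGACY_ENC"):
        print(name, audit_server_pem(globals()[name]))
```

The check looks only at the PEM structure; it does not confirm that the key matches the certificate or that the chain validates.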