Splunk Enterprise

Why is using SSLconfig in server.conf is causing 500 internal error?

Path Finder


We have PKI infra using root and intermediate certificate servers 


I have setup SSL on server.conf and web.conf . using the same pem cert 

private key doesnt have password protection 



privKeyPath = /opt/splunk/etc/auth/mycerts/server.key
serverCert = /opt/splunk/etc/auth/mycerts/server.pem
enableSplunkWebSSL = true
httpport = 443


sslRootCAPath = /opt/splunk/etc/auth/mycerts/root.pem
serverCert = /opt/splunk/etc/auth/mycerts/server.pem
sslPassword =

I am also using ldap integration over ssl 

when i enable sslconfig on server.conf I start getting slow splunk web and 500 internal errors 

when I disable sslConfigs Splunk web works find and my certificates are being recognized on the web browser 


Can you advise on what could be the cause of this behavior 

checking the logs I see the below Errors 

from splunkd.log 

07-22-2020 09:33:51.954 +0200 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/splunk_monitoring_console/bin/dmc_config.py" Socket error communicating with splunkd (error=('_ssl.c:726: The handshake operation timed out',)), path = /services/shcluster/config?output_mode=json


from web-service.log 


2020-07-22 09:35:57,816 ERROR [5f17ec3fc77f08942c2710] __init__:522 - Socket error communicating with splunkd (error=_ssl.c:1074: The handshake operation timed out), path = /services/server/info
2020-07-22 09:35:57,817 INFO [5f17ec3fc77f08942c2710] startup:139 - Splunk appserver version=UNKNOWN_VERSION build=000 isFree=False isTrial=True
2020-07-22 09:35:57,818 INFO [5f17ec3fc77f08942c2710] decorators:272 - require_login - no splunkd sessionKey variable set; request_path=/en-US/
2020-07-22 09:35:57,818 INFO [5f17ec3fc77f08942c2710] decorators:280 - require_login - redirecting to login
2020-07-22 09:36:27,994 ERROR [5f17ec5df57f08942c8510] __init__:522 - Socket error communicating with splunkd (error=_ssl.c:1074: The handshake operation timed out), path = /services/server/info




Labels (2)
Tags (2)


Please let me know if you were able to resolve the issue. I am facing quiet the same issue.

Thank you in advance.

0 Karma

Ultra Champion


Have you tried to encrypt private key with password and then set sslPassword in server.conf


In addition serverCert = /opt/splunk/etc/auth/mycerts/server.pem must contain certificate, private key and intermediate/root CA, have a look at https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/HowtoprepareyoursignedcertificatesforSpl...

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...