Splunk Enterprise

Why is using SSLconfig in server.conf is causing 500 internal error?

Path Finder


We have PKI infra using root and intermediate certificate servers 


I have setup SSL on server.conf and web.conf . using the same pem cert 

private key doesnt have password protection 



privKeyPath = /opt/splunk/etc/auth/mycerts/server.key
serverCert = /opt/splunk/etc/auth/mycerts/server.pem
enableSplunkWebSSL = true
httpport = 443


sslRootCAPath = /opt/splunk/etc/auth/mycerts/root.pem
serverCert = /opt/splunk/etc/auth/mycerts/server.pem
sslPassword =

I am also using ldap integration over ssl 

when i enable sslconfig on server.conf I start getting slow splunk web and 500 internal errors 

when I disable sslConfigs Splunk web works find and my certificates are being recognized on the web browser 


Can you advise on what could be the cause of this behavior 

checking the logs I see the below Errors 

from splunkd.log 

07-22-2020 09:33:51.954 +0200 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/splunk_monitoring_console/bin/dmc_config.py" Socket error communicating with splunkd (error=('_ssl.c:726: The handshake operation timed out',)), path = /services/shcluster/config?output_mode=json


from web-service.log 


2020-07-22 09:35:57,816 ERROR [5f17ec3fc77f08942c2710] __init__:522 - Socket error communicating with splunkd (error=_ssl.c:1074: The handshake operation timed out), path = /services/server/info
2020-07-22 09:35:57,817 INFO [5f17ec3fc77f08942c2710] startup:139 - Splunk appserver version=UNKNOWN_VERSION build=000 isFree=False isTrial=True
2020-07-22 09:35:57,818 INFO [5f17ec3fc77f08942c2710] decorators:272 - require_login - no splunkd sessionKey variable set; request_path=/en-US/
2020-07-22 09:35:57,818 INFO [5f17ec3fc77f08942c2710] decorators:280 - require_login - redirecting to login
2020-07-22 09:36:27,994 ERROR [5f17ec5df57f08942c8510] __init__:522 - Socket error communicating with splunkd (error=_ssl.c:1074: The handshake operation timed out), path = /services/server/info




Labels (2)
Tags (2)


Please let me know if you were able to resolve the issue. I am facing quiet the same issue.

Thank you in advance.

0 Karma



Have you tried to encrypt private key with password and then set sslPassword in server.conf


In addition serverCert = /opt/splunk/etc/auth/mycerts/server.pem must contain certificate, private key and intermediate/root CA, have a look at https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/HowtoprepareyoursignedcertificatesforSpl...

0 Karma
Get Updates on the Splunk Community!

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Tips & Tricks When Using Ingest Actions

Tune in to learn about:Large scale architecture when using Ingest ActionsRegEx performance considerations ...