Hello, I have no clue; thanks in advance for reading.

In any case, right now I can't open Splunk Web because it gives me a 500 internal error, and I found the critical point: server.conf. I just tried, and if I don't put anything in it, it works, but if I put any path, it breaks everything. Behind this problem is that, after writing the configuration files (I followed the Splunk documentation strictly, so...), the connection doesn't work when I try to troubleshoot. I will post my files here, so I hope it will be clearer what I did:

inputs.conf on the index:

[splunktcp-ssl:9997]
disabled = 0
[SSL]
serverCert = /path/to/mycervercombinedfile.pem
sslPassword = mypass
requireClientCert = false

outputs.conf on the forwarders:

[tcpout]
defaultGroup = mygroup
[tcpout:mygroup]
server = index ip:9997
sslCertPath = path/to/my combinedservercert.pem
sslPassword = mypass
sslVerifyServerCert = true
useClientSSLCompression = true

server.conf on both index and forwarder:

[sslConfig]
sslPassword = mypass
sslRootCAPath = path/to/myCertAuthCertificate.pem

As for putting something in web.conf, I'm waiting to solve these internal problems first.

I almost forgot to say that I do not think there is a problem with how I created the certificates; I have repeated the process n times already and I followed the instructions. TheCaRootCert is the same one that I shared with the forwarders and the index; then I created from this certificate a separate one for all the servers involved, and then I concatenated them into one.

Thanks so much for reading, and I would appreciate receiving some advice on how to proceed further; I'm going insane.

P.S.: Sorry for my English, but I'm not a native speaker.
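A check a reader could run on the concatenated certificate file described in the post, added here as an example and not part of the original post or of Splunk's tooling. It assumes the block order given in Splunk's certificate-preparation documentation (server certificate, private key, CA certificate); the function names and the sample PEM text are constructed for illustration.

```python
import re

# Assumed order (Splunk's certificate-preparation docs): server cert, private key, CA cert.
EXPECTED = ["CERTIFICATE", "PRIVATE KEY", "CERTIFICATE"]
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def pem_layout(text):
    """Return (kind, encrypted) for every PEM block, in file order."""
    layout = []
    for label, body in PEM_BLOCK.findall(text):
        is_key = label.endswith("PRIVATE KEY")
        # PKCS#8 keys say so in the label; legacy keys carry a Proc-Type header.
        encrypted = is_key and (label.startswith("ENCRYPTED")
                                or "Proc-Type: 4,ENCRYPTED" in body)
        layout.append(("PRIVATE KEY" if is_key else label, encrypted))
    return layout

def check_combined_pem(text, password_set):
    """List layout problems in a combined server PEM; an empty list means none found."""
    layout = pem_layout(text)
    kinds = [kind for kind, _ in layout]
    problems = []
    if not layout:
        problems.append("no PEM blocks found")
    elif kinds != EXPECTED:
        problems.append("block order is %s, expected %s" % (kinds, EXPECTED))
    if any(enc for _, enc in layout) and not password_set:
        problems.append("private key is encrypted but sslPassword is not set")
    return problems

def _block(label, body="Q09OU1RSVUNURUQ="):
    # Constructed placeholder body, not a real certificate or key.
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

# Constructed samples: one in the assumed order, one with the key first.
GOOD = _block("CERTIFICATE") + _block("ENCRYPTED PRIVATE KEY") + _block("CERTIFICATE")
KEY_FIRST = (_block("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\n\nQ09O")
             + _block("CERTIFICATE") + _block("CERTIFICATE"))

if __name__ == "__main__":
    for name, pem in (("GOOD", GOOD), ("KEY_FIRST", KEY_FIRST)):
        print(name, check_combined_pem(pem, password_set=True) or "ok")
```

The check only inspects block labels and order; it does not validate that the server certificate chains to the CA.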