×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
JahanviVV
Observer
Member since: 2 weeks ago
2 weeks ago
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎10-29-2025
View All

Re: SSL handshake failure between Universal Forwar...

by in Splunk Enterprise
2 weeks ago
2 weeks ago
Hi, Thank you for your response. Yes, the new certificate is issued by the same internal CA (PepsiCoCA01). The new certificate includes both Root CA and Intermediate CA in the chain. When I run the command: openssl s_client -connect ppsplix01.corp.pep.pvt:9997 -showcerts I get the error: "no peer certificate available" and "ssl handshake failure". This confirms that the indexer is not presenting any certificate. We suspect that Splunk 7.2.3 may not be able to properly load or handle the renewed certificate, as the environment still uses this version (due for upgrade). Could you please confirm if this issue is related to the old OpenSSL version in Splunk 7.2.3, or if there is any workaround to make it work temporarily until we upgrade? Thank you. ... View more

SSL handshake failure between Universal Forwarder ...

by in Splunk Enterprise
2 weeks ago
2 weeks ago
I am facing an SSL handshake issue after renewing the certificate on our indexer node. Earlier data ingestion from the UF server stopped after certificate renewal. When we revert to the old certificate and set `sslVerifyServerCert = false` in outputs.conf, data flows successfully. With the new certificate in place, SSL handshake fails with: "ssl23_write:ssl handshake failure" and "no peer certificate available" errors. Indexer and UF details: - Indexer - UF - Port: 9997 (SSL enabled) - Splunk UF Version: 9.1.7 - Splunk Enterprise Version: 7.2.3 - Certificate renewed from internal CA (PepsiCoCA01) Please assist in identifying the issue ... View more
Contact Me
Online Status
Offline
Date Last Visited
2 weeks ago