tried version 9.0.1. No success, RequireClientCert = true still crashes GUI, and several issues. Without requireclientcert, upgrade readiness app still showing failed for "SSL Peer Config Check" and "MongoDB ...". I am missing something but don't know what. At last, tried using a self-signed certificate with X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection. Confirmed that it was a multipurpose certificate (both client and server) as well, but to no avail... GUI Error: ERROR [631af018aa7ff2d0185690] __init__:591-SSLerrorcommunicatingwithsplunkd, error="[SSL:TLSV1_ALERT_UNKNOWN_CA] tlsv1alertunknownca (_ssl.c:1106)", path=/services/authentication/users/splunkadmin
GUI Error as reported from backend python script: 2022-09-09 07:49:44,679 ERROR [631af018aa7ff2d0185690] error:335 - Traceback (most recent call last):
File "/opt/splunk/lib/python3.7/site-packages/splunk/rest/__init__.py", line 583, in simpleRequest
serverResponse, serverContent = h.request(uri, method, headers=headers, body=payload)
File "/opt/splunk/lib/python3.7/site-packages/httplib2/__init__.py", line 1968, in request
cachekey,
File "/opt/splunk/lib/python3.7/site-packages/httplib2/__init__.py", line 1626, in _request
conn, request_uri, method, body, headers
File "/opt/splunk/lib/python3.7/site-packages/httplib2/__init__.py", line 1532, in _conn_request
conn.connect()
File "/opt/splunk/lib/python3.7/site-packages/httplib2/__init__.py", line 1313, in connect
self.sock = self._context.wrap_socket(sock, server_hostname=self.host)
File "/opt/splunk/lib/python3.7/ssl.py", line 428, in wrap_socket
session=session
File "/opt/splunk/lib/python3.7/ssl.py", line 878, in _create
self.do_handshake()
File "/opt/splunk/lib/python3.7/ssl.py", line 1147, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:1106)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/splunk/lib/python3.7/site-packages/cherrypy/_cprequest.py", line 628, in respond
self._do_respond(path_info)
File "/opt/splunk/lib/python3.7/site-packages/cherrypy/_cprequest.py", line 687, in _do_respond
response.body = self.handler()
File "/opt/splunk/lib/python3.7/site-packages/cherrypy/lib/encoding.py", line 219, in __call__
self.body = self.oldhandler(*args, **kwargs)
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/htmlinjectiontoolfactory.py", line 75, in wrapper
resp = handler(*args, **kwargs)
File "/opt/splunk/lib/python3.7/site-packages/cherrypy/_cpdispatch.py", line 54, in __call__
return self.callable(*self.args, **self.kwargs)
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/routes.py", line 383, in default
return route.target(self, **kw)
File "</opt/splunk/lib/python3.7/site-packages/decorator.py:decorator-gen-1208>", line 2, in render
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 40, in rundecs
return fn(*a, **kw)
File "</opt/splunk/lib/python3.7/site-packages/decorator.py:decorator-gen-1206>", line 2, in render
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 118, in check
return fn(self, *a, **kw)
File "</opt/splunk/lib/python3.7/site-packages/decorator.py:decorator-gen-1205>", line 2, in render
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 166, in validate_ip
return fn(self, *a, **kw)
File "</opt/splunk/lib/python3.7/site-packages/decorator.py:decorator-gen-1204>", line 2, in render
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 244, in preform_sso_check
update_session_user(sessionKey, remote_user)
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 188, in update_session_user
en = splunk.entity.getEntity('authentication/users', user, sessionKey=sessionKey)
File "/opt/splunk/lib/python3.7/site-packages/splunk/entity.py", line 277, in getEntity
serverResponse, serverContent = rest.simpleRequest(uri, getargs=kwargs, sessionKey=sessionKey, raiseAllErrors=True)
File "/opt/splunk/lib/python3.7/site-packages/splunk/rest/__init__.py", line 592, in simpleRequest
raise splunk.SplunkdConnectionException(msg)
splunk.SplunkdConnectionException: Splunkd daemon is not responding: ('SSL error communicating with splunkd, error="[SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:1106)", path=/services/authentication/users/splunkadmin',) Other issues: 09-09-2022 08:00:06.093 +0000 WARN SSLCommon [10232 HttpDedicatedIoThread-7] - Received fatal SSL3 alert. ssl_state='error', alert_description='handshake failure'.
09-09-2022 08:00:06.093 +0000 WARN HttpListener [10232 HttpDedicatedIoThread-7] - Socket error from 127.0.0.1:36446 while idling: error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
... View more