Hey,
I configured SSL forwarding, but I get this error:
Forwarder error:
TcpInputConfig - SSL clause not found or servercert not provided - SSL ports will not be available
ERROR SSLCommon - Can't read certificate file /root/ca/requests/splunk3-key.pem errno=151441516 error:0906D06C:PEM routines:PEM_read_bio:no start line
08-27-2014 09:29:16.110 +0200 ERROR TcpOutputProc - Error initializing SSL context - invalid sslCertPath for server 2.2.2.2:1000
Receiver error:
08-27-2014 09:42:16.327 +0200 ERROR SSLCommon - Can't read certificate file /root/ca/extern/splunk3-key.pem errno=151441516 error:0906D06C:PEM routines:PEM_read_bio:no start line
08-27-2014 09:42:16.327 +0200 ERROR TcpInputConfig - SSL server certificate not found, or password is wrong - SSL ports will not be opened
08-27-2014 09:42:16.327 +0200 ERROR TcpInputConfig - SSL context not found. Will not open splunk 2 splunk (SSL) IPv4 port 1000
On the receiver:
/root/ca/extern/:
-rw------- 1 root root 1919 Aug 27 08:25 cacert.pem
-rw------- 1 root root 1751 Aug 27 08:25 splunk3-key.pem
inputs.conf
[splunktcp-ssl://1000]
compressed = true
connection_host = 1.1.1.1
queueSize=1MB
persistentQueueSize=4GB
_TCP_ROUTING = splunk3-ad
[SSL]
password = my_password
requireClientCert = false
rootCA = /root/ca/extern/cacert.pem
serverCert = /root/ca/extern/splunk3-key.pem
On the forwarder:
/root/ca/requests:
-rw-r--r-- 1 root root 960 Aug 27 08:15 splunk3-cert.csr
-rw-r--r-- 1 root root 0 Aug 27 08:16 splunk3-cert.pem
-rw-r--r-- 1 root root 1751 Aug 27 08:12 splunk3-key.pem
outputs.conf
[tcpout]
backoffOnFailure = 5
channelReapInterval = 60000
channelReapLowater = 10
channelTTL = 60
compressed = true
defaultGroup = syslog-ad,file-rweb
dnsResolutionInterval = 300
negotiateNewProtocol = true
readTimeout = 900
useACK = true
writeTimeout = 5
indexAndForward = 0
[tcpout:syslog-ad]
server = 2.2.2.2:1000
maxQueueSize = 10MB
dropEventsOnQueueFull = -1
sslCertPath = /root/ca/requests/splunk3-key.pem
sslPassword = my_password
sslRootCAPath = /root/ca/cacert.pem
usesslCompression = true
sslVerifyServerCert = false
#useClientSSLCompression = true
Does anyone have any ideas?
Thanks
Hi,
I'm not sure on your specific error, but it could be down to missing or incorrectly placed private keys.
Have a look at this wiki, and see if it helps. I'm sure someone more educated than me will be along to help with more specifics soon.
http://wiki.splunk.com/Community:SplunkWeb_SSL_SelfSignedCert_NewRootCA
Regards
Derek
Have you generated the private key on the right server? It looks to me like you generated it on the forwarder?
The key generation should be done on the indexer, I believe.
Derek
I tried this:
mkdir mycerts
export OPENSSL_CNF=/opt/splunkforwarder/openssl/openssl.cnf
cd mycerts/
openssl genrsa -des3 -out myCAKey.key 2048
openssl req -new -key myCAKey.key -out myCACert.csr
openssl x509 -req -in myCACert.csr -signkey myCAKey.key -out myCACert.pem -days 3650
openssl genrsa -des3 -out slk-private.key 2048
openssl rsa -in slk-private.key -out slk-private.key
openssl rsa -in slk-private.key -text
openssl req -new -key slk-private.key -out slk-Cert.csr
openssl x509 -req -in slk-Cert.csr -CA myCACert.pem -CAkey myCAKey.key -CAcreateserial -out slk-Cert.pem -days 1095
cat slk-Cert.pem myCACert.pem > slk-conc-Cert.pem
And in the conf file (outputs), I modified the paths:
sslCertPath = /opt/splunkforwarder/etc/auth/mycerts/slk-conc-Cert.pem
sslPassword = my_password_no_hash
sslRootCAPath = /opt/splunkforwarder/etc/auth/mycerts/myCACert.pem
Log output / errors:
08-27-2014 11:33:03.403 +0200 ERROR SSLCommon - Can't read key file /opt/splunkforwarder/etc/auth/mycerts/slk-conc-Cert.pem errno=151441516 error:0906D06C:PEM routines:PEM_read_bio:no start line.
08-27-2014 11:33:03.403 +0200 ERROR TcpOutputProc - Error initializing SSL context - invalid sslCertPath for server 2.2.2.2:1000
Old errors with the old certificates:
TcpInputConfig - SSL clause not found or servercert not provided - SSL ports will not be available
ERROR SSLCommon - Can't read certificate file /root/ca/requests/splunk3-key.pem errno=151441516 error:0906D06C:PEM routines:PEM_read_bio:no start line
08-27-2014 09:29:16.110 +0200 ERROR TcpOutputProc - Error initializing SSL context - invalid sslCertPath for server 2.2.2.2:1000
It's better than before, but not working.
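Both log messages in this thread ("Can't read certificate file" for a key-only file, "Can't read key file" for a certificate-only bundle) end in the same OpenSSL "no start line" error, meaning no PEM block of the wanted type was found. As an added example (not part of the original posts and not Splunk code), the shell functions below list the PEM block types in a file and report which one is missing. They assume, from those two messages, that the file named by `sslCertPath` / `serverCert` has to hold both a certificate and a private key; the function names, verdict words and sample files are constructed for this example.

```shell
#!/bin/sh
# Added example: classify a PEM file by its BEGIN lines (text inspection only;
# it does not validate the certificate, the key, or that they match).

# pem_blocks FILE -> one PEM block label per line, in file order
pem_blocks() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# pem_diagnose FILE -> prints a verdict, returns 0 only when cert and key exist
# verdicts: missing empty no-pem no-cert no-key ok ok-encrypted-key
pem_diagnose() {
    f=$1
    [ -e "$f" ] || { echo missing; return 1; }
    [ -s "$f" ] || { echo empty; return 1; }   # like the 0-byte splunk3-cert.pem
    labels=$(pem_blocks "$f")
    [ -n "$labels" ] || { echo no-pem; return 1; }
    has_cert=no; has_key=no; enc=no
    # A here-document keeps the loop in this shell, so the flags survive it
    while IFS= read -r label; do
        case $label in
            CERTIFICATE)             has_cert=yes ;;   # not "CERTIFICATE REQUEST"
            "ENCRYPTED PRIVATE KEY") has_key=yes; enc=yes ;;
            *"PRIVATE KEY")          has_key=yes ;;
        esac
    done <<EOF
$labels
EOF
    # Traditional-format keys flag encryption in a header, not in the label
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then enc=yes; fi
    [ "$has_cert" = yes ] || { echo no-cert; return 1; }
    [ "$has_key" = yes ] || { echo no-key; return 1; }
    if [ "$enc" = yes ]; then echo ok-encrypted-key; else echo ok; fi
}

# Constructed sample files (dummy bodies) shaped like the files in the thread
d=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' AAAA '-----END RSA PRIVATE KEY-----' > "$d/key-only.pem"
printf '%s\n' '-----BEGIN CERTIFICATE-----' AAAA '-----END CERTIFICATE-----' > "$d/cert-chain.pem"
: > "$d/empty.pem"
cat "$d/cert-chain.pem" "$d/key-only.pem" > "$d/cert-and-key.pem"
for name in key-only cert-chain empty cert-and-key; do
    printf '%s.pem: %s\n' "$name" "$(pem_diagnose "$d/$name.pem")"
done
rm -rf "$d"
```

For the files in the thread, a `no-cert` verdict lines up with the "Can't read certificate file" message and `no-key` with "Can't read key file".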