SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certif...

castle1126 · ‎12-29-2010

Trying to configure SplunkLightForwarder with SSL for both encryption and mutual authentication, but no connection is made. On the receiver the connection is failing with the error message: ERROR TcpInputProc - Error encountered for connection from host=10.2.3.4, ip=10.2.3.4. error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

On the sender side: sslCertPath=$SPLUNK_HOME/etc/auth/cert/sender.pem sslPassword=password sslRootCAPath=$SPLUNK_HOME/etc/auth/cert/root.crt sslVerifyServerCert=true sslCommonNameToCheck=receiver.example.com

On the receiver side: [splunktcp-ssl://12345] disabled = false [SSL] serverCert=$SPLUNK_HOME/etc/auth/cert/reciever.pem password=password RootCA=$SPLUNK_HOME/etc/auth/cert/root.crt dhfile=$SPLUNK_HOME/etc/auth/cert/dhparams.pem requireClientCert=true

Thoughts anyone???

hexx · ‎01-26-2012

I would suggest a review of the procedure detailed in this tutorial to set up splunk-2-splunk communication using SSL certificates signed by a 3rd party certificate authority.

The troubleshooting section might help you to pinpoint where the issue with your current configuration is.

castle1126 · ‎12-30-2010

No I haven't tried with the Splunk PEMs created during install. These are certs built against our PKI infrastructure here, and check out as valid and correct within our environment.

araitz · ‎12-30-2010

Does it work if you specify the default splunk cacert.pem and server.pem? If so, this would indicate a problem with your custom root cert and/or server cert.

SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor