what is this ssl error?

a212830 · ‎09-27-2016

Hi,

I have a 6.2.6 UFW that won't connect to my deployment server. Not sure why - getting this error when starting the forwarder:

[hpov@ezpaasy splunk]$ ../../../bin/splunk start

Splunk> The IT Search Engine.

Checking prerequisites...
Checking mgmt port [8089]: open
Checking conf files for problems...
ERROR SSLCommon - Can't read CA list
ERROR ServerConfig - Couldn't initialize SSL Context for HTTPClient in ServerConfig
Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Declared role=universal_forwarder.
Done

And this error appears in the splunkd.log:

09-27-2016 10:27:38.731 -0400 ERROR HTTPClient - Should have gotten at least 3 tokens in status line, while getting response code. Only got 0.
09-27-2016 10:27:38.731 -0400 INFO HttpPubSubConnection - Secure HTTP POST failed: Unknown read error
09-27-2016 10:27:38.731 -0400 INFO HttpPubSubConnection - Could not obtain connection, will retry after=80 seconds.

Any suggestions? The deployment server is reachable and running. It is not busy, or over-worked.

jkat54 · ‎09-27-2016

Sounds like the SSL certificate has expired. The easiest way to renew it is to upgrade the forwarder to the latest version.

sloshburch · ‎10-04-2016

In which case see if the docs have something newer than this:
${SPLUNK_HOME}/bin/splunk createssl server-cert -d ${SPLUNK_HOME}/etc/auth -n server -l 2048 1> /dev/null

Let us know if that does it for ya.

what is this ssl error?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases