HF config eg:-
inputs.conf
[splunktcp-ssl://9997]
disabled = 0
[SSL]
password = abc
requireClientCert = true
rootCA = /opt/splunk/splunk/etc/system/certs/xyz.pem
serverCert = /opt/splunk/splunk/etc/system/certs/abc.pem
sslVersions = tls
[splunktcp-ssl://9996]
disabled = 0
[SSL]
password = abc
requireClientCert = true
rootCA = /opt/splunk/splunk/etc/system/certs/xyz.cer
serverCert = /opt/splunk/splunk/etc/system/certs/def.pem
sslVersions = tls
using two different cert as one create with sha1 and other with sha256
Thanking
Yes but you put all the SSL KvPs you have under the splunktcp-ssl stanzas instead.
[splunktcp-ssl]
serverCert =
sslPassword =
requireClientCert =
sslVersions =
cipherSuite =
ecdhCurves =
dhFile =
allowSslRenegotiation = true|false
sslQuietShutdown = [true|false]
sslCommonNameToCheck = , , ...
sslAltNameToCheck = , , ...
above inputs.conf is working config if run with only single stanza, (i.e. either port 9996 or 9997), but this wont work when we combine config as shown above,
please try to provide config eg,
You can't have two [SSL] stanzas in the same inputs.conf. They are conflicting with one another.
You need to configure each cert under their respective [splunktcp-ssl://PORT] stanzas