Deployment Architecture

Why is the server.conf when trying to secure 8089 port, is broken from connecting to the Deployment server?

cleelakrishna
Loves-to-Learn

Configured web.conf and server.conf in order to secure port 8089, which was successful but upon checking the connections to a Deployment server, it got broken. Heavy Forwarder is not connecting to the Deployment server.

web.conf:

[settings]
#Updated Splunkd Connection Timeout from 30 to 120
splunkdConnectionTimeout = 30
enableSplunkWebSSL = true
privKeyPath = etc/auth/splunk-qa/private.key.pem
caCertPath = etc/auth/splunk-qa/splunkhost.com.pem

server.conf

[sslConfig]
sslPassword = abcdefghi
enableSplunkdSSL = true
serverCert = $SPLUNK_HOME/etc/auth/splunk-qa/splunkhost.com.pem
privKeyPath = $SPLUNK_HOME/etc/auth/splunk-qa/private.key.pem
sslVersions = *,-ssl2
sslVersionsForClient = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH

Please let me know if I need to make any changes. Help will be appreciated.

0 Karma

micahkemp
Champion

Some error messages from splunkd.log would be helpful.

Does splunkhost.com.pem include the certificate chain (certificate, intermediate certificate, root certificate)?

0 Karma

cleelakrishna
Loves-to-Learn

yes, it has the certificate chain

0 Karma

micahkemp
Champion

Does it also include the private key? The splunkd certificate file has a slightly different requirement from the web certificate file, in that it must also include the key.

0 Karma

cleelakrishna
Loves-to-Learn

TcpOutputProc - Connected to idx=1234213423:9997, pset=0, reuse=0.
02-14-2018 10:08:56.569 -0500 INFO DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected
02-14-2018 10:09:00.585 -0500 INFO TcpOutputProc - Closing stream for idx=23424:9997
02-14-2018 10:09:00.586 -0500 INFO TcpOutputProc - Connected to idx=23424322:9997, pset=0, reuse=0.
02-14-2018 10:09:10.497 -0500 INFO TcpOutputProc - Closing stream for idx=123423142:9997
02-14-2018 10:09:10.497 -0500 INFO TcpOutputProc - Connected to idx=1234241:9997, pset=0, reuse=0.
02-14-2018 10:09:16.570 -0500 INFO DC:DeploymentClient - channel=tenantService/handshake Will retry sending handshake message to DS; err=not_connected

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...