I got the following error when trying to start TCPInput with SSL:
ERROR SSLCommon - can't load CA certificates from /opt/splunk/etc/apps/XXXX/certs/XXXX.crt
Very straightforward config:
inputs.conf:
[splunktcp-ssl:9997]
disabled = 0
[SSL]
sslPassword = XXXXXXXXXXXXX
serverCert = $SPLUNK_HOME/etc/apps/XXXXXXXX/certs/XXXXXX.pem
sslVersions = tls, -tls1.0
requireClientCert = true
server.conf:
[sslConfig]
sslRootCAPath = $SPLUNK_HOME/etc/apps/XXXXX/certs/XXXXX.crt
My CA-Certificate started with
-----BEGIN TRUSTED CERTIFICATE-----
and ended in:
-----END TRUSTED CERTIFICATE-----
As soon as I deleted "TRUSTED" and made the CA-Cert look like the examples:
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----
It finally worked. There is not much more info to link to.
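
An added example, not part of the original post and not Splunk's code: OpenSSL's TRUSTED CERTIFICATE PEM form holds the certificate followed by extra trust settings, so this sketch rewrites such blocks as plain CERTIFICATE blocks and drops the trailing trust data instead of only editing the header lines. The function names and the sample bytes (a constructed stand-in, not a real certificate) are assumptions.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def first_der_element(der):
    """Return the first complete DER SEQUENCE (tag + length + value)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("expected a DER SEQUENCE")
    length, header = der[1], 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("unsupported DER length")
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if header + length > len(der):
        raise ValueError("truncated DER")
    return der[:header + length]

def to_pem(label, der):
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

def normalize_ca_bundle(pem_text):
    """Return (plain_pem, report); report rows are (index, label, trust_bytes_dropped)."""
    out, report = [], []
    for i, m in enumerate(PEM_BLOCK.finditer(pem_text)):
        label = m.group(1)
        der = base64.b64decode("".join(m.group(2).split()))
        if label == "TRUSTED CERTIFICATE":
            cert = first_der_element(der)  # certificate first, trust settings after it
            report.append((i, label, len(der) - len(cert)))
            out.append(to_pem("CERTIFICATE", cert))
        elif label == "CERTIFICATE":
            report.append((i, label, 0))
            out.append(to_pem(label, der))
        else:
            report.append((i, label, None))  # not a certificate: kept out of the CA file
    return "".join(out), report

# Constructed sample: a tiny DER SEQUENCE standing in for the certificate,
# followed by an empty SEQUENCE standing in for the trust settings.
SAMPLE_CERT_DER = bytes.fromhex("3003020105")
SAMPLE_AUX_DER = bytes.fromhex("3000")
SAMPLE = to_pem("TRUSTED CERTIFICATE", SAMPLE_CERT_DER + SAMPLE_AUX_DER)

if __name__ == "__main__":
    plain, report = normalize_ca_bundle(SAMPLE)
    print(report)
    print(plain, end="")
```

Running it over the file that sslRootCAPath points to shows which blocks carried the TRUSTED label and how many trailing bytes were removed from each.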