Hello,
I am trying to connect Splunk Forwarder 6.3.3 to Indexer 6.6.3. I am getting the below error while using ssl:
ERROR TcpOutputFd - Connection to host=xx.x.xxx.xxx:9997 failed. sock_error = 0. SSL Error = error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
01-02-2019 02:19:35.424 -0600 ERROR TcpOutputFd - Connection to host=xx.x.xxx.xxx:9997 failed. sock_error = 0. SSL Error = error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
The outputs.conf file on forwarder is:
[tcpout:x_Indexers]
disabled = false
server = abc:9997
autoLB = true
compressed = false
sslpassword = abcd
sslRootCAPath = abc/abc.crt
sslCertPath = abc/abc.pem
The inputs.conf file on Indexer is:
[splunktcp-ssl://9997]
connection_host = abc
[SSL]
compressed = false
password = abcd
requireClientCert = false
rootCA = abc/abc.crt
serverCert = abc/abc.pem
Not sure what is the issue?
Hello,
The issue has been solved after upgrading the forwarder to 6.6 version.
Hello,
The issue has been solved after upgrading the forwarder to 6.6 version.
Btw, please look at Why are there different names for inputs.conf and outputs.conf?
The config parameter names have evolved....
Didn't get you?
Just wanted to say that some of the configuration parameters for SSL changed their names ; -)
Please follow steps in the documentation :
https://docs.splunk.com/Documentation/Splunk/7.2.3/Security/ConfigureSplunkforwardingtousesignedcert...
I have done based on this only. But still didn't work out. Any suggestion based on the error?
Look like you didn't follow document properly, it will be good to provide absolute path for certificates and on Indexer and Forwarder sslRootCAPath
should be in server.conf
Please go through documentation provided by @p_gurav and you will able to configure it easily.
@harsmarvania57
I have followed the doc. As per the doc, server.conf need to defined in Linux system not in case of windows.
And also the same configuration is working in one system where Forwarder is on Windows and Indexer in Windows.
Issue is persisting in case of using Linux Forwarder and Window Forwarder. And In Linux Forwarder i have already pass the sslRootCAPath in server.conf
On forwarder, in outputs.conf please change sslPassword = abcd
, P
is in capital. Also provide Absolute path for certificate, for example Linux forwarder /opt/splunkforwarder/etc/auth/abc/abc.pem
.
On indexer, in inputs.conf connection_host
should be ip, dns or None
Also can you please confirm are you using same certificate on Indexer and Forwarder?
Hello @harsmarvania57
These setting are already in place.
connection_host is set to ip already. I have just send a snapshot kind of thing.
The same setting is working between Windows forwarder and Window indexer.
Is there any issue with forwarder version?
So what is forwarder version and OS Version? and Splunk version on Indexer and OS version ?