Attempting to set up a new Splunk 7.2.4.2 server on Red Hat 7 using our own cert. Splunk Web works fine over HTTPS using our cert. Configured inputs.conf and server.conf to allow SSL for receiving from forwarders. Getting the following ERROR in splunkd.log:
TcpInputConfig - SSL context not found. Will not open splunk to splunk (SSL) IPv4 port 9997
inputs.conf and server.conf are as follows:
inputs.conf
[default]
host = myserver.com
[splunktcp-ssl:9997]
disabled = 0
[SSL]
serverCert = $SPLUNK_HOME/etc/auth/mycert.pem
sslPassword = mypassword
requireClientCert = false
server.conf
[general]
serverName = myserver.com
pass4SymmKey = symmkey
[sslConfig]
sslRootCAPath = $SPLUNK_HOME/etc/auth/rootcert.pem
Also perhaps a related issue?
ERROR IntrospectionGenerator:resource_usage - KVStoreConfigurationProvider - Unable to read an X509 cert from '' file
Thanks!
Looking at this specific error:
ERROR IntrospectionGenerator:resource_usage - KVStoreConfigurationProvider - Unable to read an X509 cert from '' file.
It seems like the file was not found. Make sure the $SPLUNK_HOME variable is set, verify the cert file in the specified path, and try again.
Seems like it must be set and the cert file is in the path because my web.conf uses $SPLUNK_HOME with the same cert and it works:
web.conf
[settings]
enableSplunkWebSSL = 1
privKeyPath = $SPLUNK_HOME/etc/auth/mykey.pem
serverCert = $SPLUNK_HOME/etc/auth/mycert.pem
httpport = 8000
mgmtHostPort = 127.0.0.1:8089
appServerPorts = 8065
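
Added example, not part of the thread: the inputs.conf [SSL] stanza has no privKeyPath setting, so the file named by serverCert has to carry the private key alongside the certificate, whereas web.conf reads the key and certificate from two separate files. This Python sketch inventories the PEM blocks in such a file so that difference can be checked; the function names and the sample PEM text are constructed for illustration.

```python
import re
import sys

# Matches one PEM block and captures its label, e.g. "CERTIFICATE" or "RSA PRIVATE KEY".
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

# Constructed samples: the bodies are placeholders, not real certificate or key material.
CERT_ONLY = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
COMBINED = (
    CERT_ONLY
    + "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
    "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"
    + CERT_ONLY  # CA certificate appended last
)

def pem_inventory(text):
    """Return (certificate count, private key count, key_is_encrypted)."""
    certs = keys = 0
    encrypted = False
    for label, body in PEM_BLOCK.findall(text):
        if label == "CERTIFICATE":
            certs += 1
        elif label.endswith("PRIVATE KEY"):
            keys += 1
            # PKCS#8 encrypted keys have their own label; traditional OpenSSL
            # encrypted keys carry a Proc-Type header inside the block.
            if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
                encrypted = True
    return certs, keys, encrypted

def check_splunktcp_server_cert(text, ssl_password_set):
    """List problems that would stop this PEM serving as inputs.conf serverCert."""
    certs, keys, encrypted = pem_inventory(text)
    problems = []
    if certs == 0:
        problems.append("no CERTIFICATE block")
    if keys == 0:
        problems.append("no private key block in the serverCert file")
    if encrypted and not ssl_password_set:
        problems.append("private key is encrypted but sslPassword is not set")
    return problems

if __name__ == "__main__":
    # Usage: python check_pem.py /path/to/mycert.pem (falls back to the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else CERT_ONLY
    print(check_splunktcp_server_cert(text, ssl_password_set=True) or "cert and key present")
```

A file that passes as web.conf serverCert (certificate only, key in privKeyPath) is reported here as missing its private key block.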