I am pretty new to Splunk. We are implementing a heavy forwarder on an EC2 instance which receives the data from the UF and forwards it to Splunk Cloud. I am trying to test the data forwarding by configuring the default Splunk certs in the HF inputs.conf and the UF outputs.conf. But I am seeing the errors below on the HF. Any pointers would be most appreciated.
WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read server certificate B', alert_description='unknown CA'.
ERROR TcpOutputFd - Connection to host=xxx.xxx.xxx.xxx:9997 failed. sock_error = 0. SSL Error = error:SSL routines:ssl3_get_server_certificate:certificate verify failed - please check the output of the `openssl verify` command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name.
Hi @Amogh88
To forward data from the HF to Splunk Cloud, we have to add SSL config in outputs.conf of the HF to communicate with Splunk Cloud instances, like below:
sslCertPath = *********(Path of cert)
sslRootCAPath = ******** (Path of RootCA)
sslPassword = *******
sslCommonNameToCheck = {certname}
sslVerifyServerCert = true
useClientSSLCompression = true
Hope this will help you to resolve your issue.
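The error in the question asks for the output of `openssl verify` and warns about the CA and server certificate sharing a Common Name. The script below is an added example, not part of the original posts: it runs both checks against throwaway certificates it builds itself, and the names ca_a, ca_b and hf.example.test are assumptions.

```shell
#!/usr/bin/env bash
# Added example. All certificates are throwaway and constructed here;
# the names ca_a, ca_b and hf.example.test are assumptions.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {            # $1 = file stem, $2 = Common Name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

make_server_cert() {   # $1 = signing CA stem, $2 = Common Name
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/server.csr" -days 1 \
    -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
    -out "$WORK/server.pem" 2>/dev/null
}

# True only when the certificate chains to the given CA file.
# Matching on ": OK" avoids relying on the exit status of old openssl builds.
chain_ok() {           # $1 = CA file, $2 = certificate
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

cn_of() {              # $1 = certificate; prints its subject Common Name
  openssl x509 -noout -subject -nameopt multiline -in "$1" |
    sed -n 's/^ *commonName *= *//p'
}

# The log message warns that CA and server certificate must not share a CN.
cn_distinct() {        # $1 = CA file, $2 = certificate
  [ "$(cn_of "$1")" != "$(cn_of "$2")" ]
}

make_ca ca_a "Constructed CA A"      # CA that signs the receiver's cert
make_ca ca_b "Constructed CA B"      # unrelated CA trusted by mistake
make_server_cert ca_a "hf.example.test"

for ca in ca_a ca_b; do
  if chain_ok "$WORK/$ca.pem" "$WORK/server.pem"; then
    echo "$ca: verify OK"
  else
    echo "$ca: verify FAILED (chain rejected, reported as 'unknown CA')"
  fi
done
cn_distinct "$WORK/ca_a.pem" "$WORK/server.pem" && echo "CNs differ: OK"
```

To check a real deployment, call `chain_ok` and `cn_distinct` with the file that the verifying side's sslRootCAPath points to and the certificate the other side presents.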