Hi,
I am installing the universal forwarder (6.2) on redhat. I am running into several issues with the SSL setup. I am using my own selfsigned certs. This is working fine in an old 4.2 universal forwarder setup.
After extracting splunk I do the following:
1) Copy my certs to /etc/auth/server.pem and /etc/auth/ca.pem
2) update /etc/system/local/inputs.conf with
...
[tcpout-server://splunkserver.ec2.local:9997]
sslCertPath = /usr/local/splunkforwarder/etc/auth/server.pem
sslPassword = mypassword
sslRootCAPath = /usr/local/splunkforwarder/etc/auth/ca.pem
sslVerifyServerCert = false
...
3) Update etc/system/default/server.conf
...
sslPassword = mypassword
...
4) Start splunk server with no configuration errors and etc/system/local/server.conf is generated
5) Find this error in splunkd.log
08-04-2016 13:07:13.134 -0700 ERROR TcpOutputFd - Connection to host=x.x.x.x:9997 failed. sock_error = 0. SSL Error = error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
What am I missing? Do I need to care about splunk.secret that manages the encryption of the sslpassword value in /etc/sytem/local/outputs and /etc/system/local/server.conf?
I can open my cert with password when doing:
openssl rsa -in /usr/local/splunkforwarder/etc/auth/server.pem -text
So the cert and passphrase is correct. What else should I consider? I have stopped splunk and set the sslKeysfilePassword in etc/system/local/server.conf. Start splunk but no luck. I have also tried the same for the sslPassword in etc/system/local/outputs.conf but not luck.
Any advice would be appreciated
Thanks,
Wouter
↧