My Splunk default CA certificate expired after 3 years. I generated new ones using this procedure:
http://docs.splunk.com/Documentation/Splunk/6.4.3/Security/Howtoself-signcertificates.
They worked on Universal Forwarders, but I am getting an error "Error initializing SSL context - check splunkd.log regarding configuration error for server" on a Splunk instance on which a db-connect app is installed.
This instance is not sending data to the indexer.
My outputs.conf is like this:
# cat /opt/splunk/etc/system/local
[tcpout]
defaultGroup = splunkssl
[tcpout:splunkssl]
server = x.x.x.x:9997
compressed = true
sslRootCAPath = $SPLUNK_HOME/etc/auth/mycerts/myCACertificate.pem
sslCertPath = $SPLUNK_HOME/etc/auth/mycerts/myNewCertificate.pem
sslPassword = $1$4NTKf0BFoFmH
sslVerifyServerCert = false
~
The indexer input.conf is like this:
#cat /opt/splunk/etc/system/local/
[default]
host = splunk-svr-1
[splunktcp-ssl://9997]
connection_host = ip
#compressed = true
[SSL]
rootCA = $SPLUNK_HOME/etc/auth/mycerts/myCACertificate.pem
serverCert = $SPLUNK_HOME/etc/auth/mycerts/myServerCertificate.pem
password =
In the splunkd log:
TcpOutputProc - Connected to idx=x.x.x.x:9997
Why am I getting that error, and why is data not being forwarded to the indexer?