We have 6.4.3 in production, and I'm just starting to test 6.5.0. When configuring SSL, I've found a few of the deprecated settings, and have fixed them. It works when I use the default Splunk certificates, but when I try to specify my own certificates, located in a different directory, I receive this error:
ERROR TcpInputConfig - SSL context cannot be created due to missing settings, Will not open Splunk to Splunk (SSL) IPv4 port 9997
I swap between the certificates by changing inputs.conf/serverCert and server.conf/sslRootCAPath to point to the appropriate certificates. I've not found anything in splunkd.log to indicate what settings are missing.
In case it matters, my certificates were created using a version of genRootCA.sh that was modified to use -sha256 instead of -sha1, and I invoke it with -l 2048, as our security compliance requires the longer key and sha256.
↧