SSL is already complex, and this poor documentation adds **fuel to the fire**.
https://docs.splunk.com/Documentation/Splunk/6.4.4/Security/ConfigureSplunkforwardingtousesignedcertificates
This says we should update server.conf with the sslRootCAPath info, but when splunkd restarts, it says the other way around.
```
[root@UF /app/JE0/splunkforwarder/etc/twoCerts]#/app/splunkforwarder/bin/splunk restart
Stopping splunkd...
Shutting down. Please wait, as this may take a few minutes.
............ [ OK ]
Stopping splunk helpers...
[ OK ]
Done.
Splunk> All batbelt. No tights.
Checking prerequisites...
Checking mgmt port [8089]: open
Checking conf files for problems...
Invalid key in stanza [sslConfig] in /app/splunkforwarder/etc/system/local/server.conf, line 19: sslRootCAPath (value: /app/splunkforwarder/etc/twoCerts/cacert.pem).
Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'
Done
Checking default conf files for edits...
Validating installed files against hashes from '/app/splunkforwarder/splunkforwarder-6.3.4-cae2458f4aef-linux-2.6-x86_64-manifest'
All installed files intact.
Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Done
[ OK ]
[root@UF /app/splunkforwarder/etc/twoCerts]#
```