How to generate a server.pem key size of 2048?
I have a security finding that the server.pem key size is 1024, and needs to be 2048. In the question titled "How to check status of all SSL certificates in Splunk?" the file can be regenerated by...
View ArticleCan you encrypt password strings with splunk.secret manually?
So here's what I'm trying to do... I've stood up an index cluster and am testing some things at the moment. I used the splunk.secret from the cluster master instance and seeded it to all of the...
View ArticleSplunk CLI command fails with SSL23_GET_SERVER_HELLO:sslv3 alert handshake...
Have issue in 6.2.3 and Search Head Cluster- but I have reproduced it also on out of the box version 6.3.3 Standalone Splunk instance. Splunk has default out of the Box cipher in server.conf as shown...
View ArticleHow to handle SSL certificate verification for REST API calls from a Splunk...
I'm developing a Splunk Add-on, and use the REST API in a couple of places to do stuff like look up config values and items from storage/passwords. In testing, I've encountered the problem that I get...
View ArticleWhy am I getting error "global name 'ssl' is not defined" when Splunk invokes...
I have a simple bash script that I've configured as the coldToFrozenScript: set -e set -u if [ $# -lt 1 ]; then echo 1>&2 "usage: $0 " exit 1 fi bucket=$1 index=${bucket##*/} echo 1>&2...
View ArticleWhy is splunktcp-ssl + ciphersuite not working to disable weak ciphers for...
Hello, I want to disable weak ciphers for Splunk forwarder ports on my 6.3.3 indexer. The following snippet does not work in my inputs.conf. The default ciphers are still enabled: [splunktcp-ssl:9997]...
View ArticleTrying to configure SSL in Splunk, why is my forwarder reporting "certificate...
So I'm trying to simulate enabling SSL from all aspects of Splunk and I can't get the forwarder to talk to the indexer at all. I've followed along with both .conf presentations regarding SSL and the...
View ArticleWhy is SSL not working on our Splunk 6.3.0 Windows universal forwarder with...
We've been trying to get the Splunk Universal Forwarder for Windows (v6.3.0) to work on a Windows 2008 R2 server and we consistently get the following error. TcpInputConfig - SSL clause not found or...
View ArticleTrying to install an SSL certificate on a search head, why is it getting...
I'm trying to install an SSL certificate onto a search head and something is wrong. It'll start up with enableSplunkWebSSL set to "no" of course. [more /opt/splunk/etc/system/local/web.conf] [settings]...
View ArticleSplunkServerDefaultCert is showing as invalid host name mismatch when trying...
Hi All, When we try to connect to REST API, the `SplunkServerDefaultCert`is showing as Invalid `host name mismatch`. Though documentation suggests to disable certificate validation on client side to...
View ArticleTrying to integrate MHN with Splunk, but why am I getting error "Unable to...
![alt text][1] [1]: /storage/temp/129173-ssl-error.jpg What is the step by step procedure out of this problem? I have been trying to figure it out for the 4 days, Sounds elementary, but it's really...
View ArticleAfter upgrading to 6.4, why are our signed certs no longer accepted in...
After upgrading the to 6.4, Splunk web would no longer start:> Starting splunk server daemon (splunkd)> ... Done [ OK ]> Waiting for web server at https://127.0.0.1:8443 to be...
View ArticleUpgrading my Splunk Enterprise 6.2.x to 6.3.x did not upgrade the expiration...
I upgraded my instances as per https://answers.splunk.com/answers/395886/for-splunk-enterprise-splunk-light-and-hunk-pre-63.html#answer-403312 , however, my default SSL certs ca.pem and cacert.pem are...
View ArticleSplunk App for NetApp Data ONTAP: After upgrade from 6.3.x to 6.4.0, why am I...
I am trying to connect to a 7mode Netapp filer, but I am having issues. The error I found using the search `index=_internal (source=*ontap* OR source=*hydra*) ERROR` gives the log line: 2016-05-20...
View Article"The request was aborted: Could not create SSL/TLS secure channel." when...
Hi, I enabled Http Event Collector in Global Settings of my Splunk Cloud instance and use https://xxxxxxxx.cloud.splunk.com:8088/services/collector/event as a post target url. When trying to send an...
View ArticleTrying to run the Distributed Management Console, getting "ERROR...
Hi, When trying to Run DMC (ha ha), I've noticed that it's failing to get the introspection data from the kvstore. 05-22-2016 17:52:08.996 +1000 ERROR KVStorageProvider - An error occurred during the...
View ArticleIs it possible to install the Splunk Support for Active Directory add-on on...
Hi, Is it possible or does it make sense to install the Splunk Support for Active Directory add-on on the domain controller with the universal forwarder? The topology is as follows: Domain Controller...
View ArticleWhy did our indexer stop receiving data from all forwarders last night with...
Hi all, Splunk Enterprise 6.2.3 (264376). Overnight, the indexer stopped receiving data from all of the forwarders. Up until that point, it was receiving data from them all fine without issues. The...
View ArticleHow to fix CIPHER mismatch error "no common encryption algorithm(s)" trying...
Trying to send logs to Splunk Cloud via HEC errors due to cipher mismatch between server and client. curl -k 'https://splunkserver.cloud.splunk.com:8088/services/collector/event/1.0' -H 'Authorization:...
View ArticleHow to edit my configuration to add SSL on forwarders with self signed...
I am working on adding SSL on forwarders with self signed certificates. Here is the /etc/system/local/outputs.conf [tcpout] defaultGroup = default-autolb-group [tcpout:default-autolb-group] server =...
View Article