In server.conf.spec, it is indicated that requireClientCert = true can be set to require HTTPS clients connecting to splunkd to present a certificate signed by the CA whose public certificate we define in caCertFile in server.conf.spec:
requireClientCert = [true|false]
Requires that any HTTPS client that connects to splunkds internal HTTPS server has a certificate that was signed by our certificate authority.
Used by distributed search: Splunk indexing instances must be authenticated to connect to another splunk indexing instance.
Used by distributed deployment: The deployment server requires that deployment clients are authenticated before allowing them to poll for new configurations/applications.
If true, a client can connect ONLY if a certificate created by our certificate authority was used on that client.
Default is false
However, this appears to break communication between the CLI and splunkd:
[root@hostname local]# splunk login
Splunk username: admin
Password:
Couldn't get auth token: Couldn't complete HTTP request:
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
From web_service.log:
SplunkdConnectionException: Splunkd daemon is not responding: ('[Errno 1] _ssl.c:485: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure',)
2011-04-14 14:19:22,335 ERROR [4da73aaa551ece7d0] startup:52 - Unable to read in product version information; Splunkd daemon is not responding: ('[Errno 1] _ssl.c:485: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure',)
2011-04-14 14:19:22,336 ERROR [4da73aaa551ece7d0] decorators:361 - Splunkd daemon is not responding: ('[Errno 1] _ssl.c:485:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure',)
asked 26 Jan, 13:11 by hexx
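Added example (not part of the original post): a Python sketch that decodes the packed OpenSSL error code in the log lines quoted in the question, assuming the pre-3.0 OpenSSL layout (8-bit library, 12-bit function, 12-bit reason). An SSL reason of 1000 or more is a TLS alert received from the peer, so the client here was told handshake_failure (alert 40) by splunkd rather than failing locally. The function names and the sample list are constructed for illustration.

```python
import re

# Constructed sample: the error lines quoted in the question above.
SAMPLE_LINES = [
    "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure",
    "2011-04-14 14:19:22,336 ERROR [4da73aaa551ece7d0] decorators:361 - Splunkd daemon "
    "is not responding: ('[Errno 1] _ssl.c:485:error:14094410:SSL routines:"
    "SSL3_READ_BYTES:sslv3 alert handshake failure',)",
]

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^'\n]+)")
ERR_LIB_SSL = 20             # library number OpenSSL assigns to libssl
SSL_AD_REASON_OFFSET = 1000  # SSL reasons >= 1000 are alerts received from the peer
CERT_ALERTS = {              # TLS alert numbers relevant to certificate checks
    40: "handshake_failure", 42: "bad_certificate", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca", 116: "certificate_required",
}

def decode_openssl_error(line):
    """Decode the first packed OpenSSL error in a log line; None if absent."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {
        "lib": lib, "func": func, "reason": reason,
        "routine": m.group(3), "text": m.group(4).strip(),
        "peer_alert": alert,
        "alert_name": CERT_ALERTS.get(alert, "other") if alert is not None else None,
    }

def triage(lines):
    """Return (line_index, decoded) for lines where the peer aborted the handshake."""
    hits = []
    for i, line in enumerate(lines):
        d = decode_openssl_error(line)
        if d and d["peer_alert"] is not None:
            hits.append((i, d))
    return hits

if __name__ == "__main__":
    for i, d in triage(SAMPLE_LINES):
        print(i, d["routine"], d["peer_alert"], d["alert_name"])
```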