topic Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ? in All Apps and Add-ons

Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

scottrunyon — Wed, 05 Oct 2016 15:10:43 GMT

After upgrading from Splunk Enterprise 6.4.3 to 6.5.0, the ldapsearch in Splunk Supporting Add-on for Active Directory (2.1.3) is now getting the error - "SSL configuration issue: invalid CA public key file". Searches worked before the upgrade.

Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

jmaple — Tue, 11 Oct 2016 13:32:07 GMT

This is likely due to the way that Splunk changed the SSL key-value pairs in version 6.5.0. Did you update your local server.conf and ssl.conf configurations with the new SSL stanzas?

sslRootCAPath = 
* Full path to the operating system's root CA (Certificate Authority)
  certificate store.
* The  must refer to a PEM format file containing one or more root CA
  certificates concatenated together.
* Required for Common Criteria.
* NOTE: Splunk plans to submit Splunk Enterprise for Common Criteria
  evaluation. Splunk does not support using the product in Common
  Criteria mode until it has been certified by NIAP. See the "Securing
  Splunk Enterprise" manual for information on the status of Common
  Criteria certification.
* This setting is not used on Windows.
* Default is unset.'

caCertFile = 
'* DEPRECATED; use 'sslRootCAPath' instead.
* Used only if 'sslRootCAPath' is unset.
* File name (relative to 'caPath') of the CA (Certificate Authority)
  certificate PEM format file containing one or more certificates concatenated
  together.
* Default is cacert.pem.'

Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

scottrunyon — Tue, 11 Oct 2016 14:05:16 GMT

I am running on Windows Server, is this still valid?

Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

jmaple — Tue, 11 Oct 2016 14:10:36 GMT

Because the documentation doesn't give a Windows alternative, I believe it's your best bet to give a try and see if it gets fixed. Otherwise I'd open a ticket with Splunk support.

Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

reswob4 — Wed, 19 Oct 2016 13:05:40 GMT

I fixed this by turning off the SSL connection to the Domain Controller.

My next task is to figure out what changed with the DC certificate and get that updated.

I have Splunk Supporting Add-on for Active Directory 2.1.3, but I found the answer in the docs for version 1.2.2

From http://docs.splunk.com/Documentation/ActiveDirectory/1.2.2/DeployAD/ConfiguretheSA-ldapsearchsupportingaddon

Whether or not SA-ldapsearch should attempt to connect to the GC server using Secure Sockets Layer (SSL). Set to true to connect with SSL and false to connect without SSL.

Important: If you specify true for this attribute, then the GC server you specify must have a valid SSL certificate installed. For additional information, review "How to enable LDAP over SSL with a third-party certification authority" (http://support.microsoft.com/kb/321051) and "How to troubleshoot LDAP over SSL connection problems" (http://support.microsoft.com/kb/938703) on Microsoft's support site. Defaults to false.

Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

scottrunyon — Wed, 19 Oct 2016 20:11:40 GMT

I opened a ticket with with support. To resolve my issue i added a ssl.conf to \etc\system\local.

ssl.conf contained -

[sslConfig]

sslVersions = tls
caCertFile = E:\Splunk\etc\auth\cacert.pem

Note - entire path was needed to get it to see the cert.

Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

reswob4 — Thu, 20 Oct 2016 11:44:44 GMT

I'm glad that solution worked for you. Unfortunately, it did not work for me.

The docs for the add-on (http://docs.splunk.com/Documentation/SA-LdapSearch/2.1.3/User/ConfiguretheSplunkSupportingAdd-onforActiveDirectory) say ssl.conf should be in $SPLUNK_HOME/etc/apps/SA-ldapsearch/local.

So here is the ssl.conf file I created:

[sslconfig]
sslVersions = tls
caCertFile=/opt/splunk/etc/auth/cacert.pem

I then re-enabled SSL to the DC.

But after I restarted Splunk, with the ssl.conf in the $SPLUNK_HOME/etc/apps/SA-ldapsearch/local folder, I get the original error. If I put ssl.conf in the location suggested by tech support, I get the following errors on restart:

Invalid key in stanza [sslconfig] in /opt/splunk/etc/system/local/ssl.conf, line 2: sslVersions  (value:  tls).
Invalid key in stanza [sslconfig] in /opt/splunk/etc/system/local/ssl.conf, line 3: caCertFile (value: /opt/splunk/etc/auth/cacert.pem).

AND I still get the original error.

So I guess I'm going to have to open my own ticket.

Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

dewald13 — Thu, 20 Oct 2016 13:33:23 GMT

This also worked for me...just added the below in the local ssl.conf;

caCertFile = E:\Splunk\etc\auth\cacert.pem

Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

ttchorz — Mon, 31 Oct 2016 13:14:20 GMT

This also helped me solving the issue.

Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

jreuter_splunk — Thu, 23 Mar 2017 23:26:48 GMT

sslConfig is case sensitive.

Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

aliakseidzianis — Fri, 24 Mar 2017 17:41:27 GMT

Don't put a full path on the CertFile. This worked for me:

[sslConfig]
sslVersions = tls
caCertFile = cacert.pem

FYI: support also said that it is there by default in v2.1.4 of the SA-ldapsearch app. So if it does not work for you, you may try upgrading.

Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on f

memarshall63 — Mon, 14 Jun 2021 19:00:56 GMT

My situation with this error:

I had established my own certs (including a CACert.pem file) and placed them in a folder:

/opt/splunk/etc/auth/my_certs

... and everything worked fine, except for ldap-search it was complaining of an 'invalid CA public key file'

in the SA-ldapsearch/default folder is the file ssl.conf with an entry:

[sslConfig]

sslVersions = tls

caCertFile = cacert.pm

Well.. because my CA cert was named "CACert.pem" -- the add-on couldn't find it.

I copied my CACert.pem to 'cacert.pem' -- and everything worked well again.

@jreuter_splunk wrote:
sslConfig is case sensitive.

Indeed it is.

Good luck.