topic Re: System not hashing sslPassword server.conf in Deployment Architecture

System not hashing sslPassword server.conf

edwardrose — Thu, 25 Jul 2019 18:51:26 GMT

Hello All

I am creating an app that will have all the SSL certs and pem files in it. As part of the app I have the following server.conf file and web.conf file.

[sslConfig]
enableSplunkdSSL = 1
allowSslCompression = false
useClientSSLCompression = false
useSplunkdClientSSLCompression = false
sslVersions = tls1.1, tls1.2
sslVersionsForClient = tls1.1, tls1.2
serverCert = $SPLUNK_HOME/etc/apps/mentor_ssl_config/mycerts/key_server_cert.pem
sslRootCAPath = $SPLUNK_HOME/etc/apps/mentor_ssl_config/mycerts/digicert_ca_certs.pem
sslPassword = ez2019Test



[settings]
privKeyPath = $SPLUNK_HOME/etc/apps/mentor_ssl_config/mycerts/wildcard.wv.mentorg.com.key
serverCert = $SPLUNK_HOME/etc/apps/mentor_ssl_config/mycerts/server_inter_root_certs.pem
sslPassword = ez2019Test
splunkdConnectionTimeout = 1400
tools.sessions.timeout = 180

The issue I am having is that the .conf files are not encrypting the password into a hash format and thus the system is failing to check into the deployment server with the following error:

07-25-2019 11:46:33.227 -0700 ERROR SSLCommon - Can't read key file /opt/splunkforwarder/etc/apps/mentor_ssl_config/mycerts/key_server_cert.pem errno=101077092 error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt.
07-25-2019 11:46:33.227 -0700 ERROR HTTPClient - Couldn't initialize SSL Context for HTTPClient in Deployment Client

So the question is why isn't it encrypting the SSLPassword for the server.conf file or the web.conf file in my app?

thanks
ed

Re: System not hashing sslPassword server.conf

edwardrose — Wed, 30 Sep 2020 01:30:48 GMT

Ok figured it out. /opt/splunkforwarder/etc/system/local/server.conf had sslPassword defined. This caused the app in /opt/splunkforwarder/etc/apps/ssl_config/local/server.conf not to be encrypted. If you ask me that seems like a bug even though etc/system/local takes precedence over etc/apps/ssl_config/local. Splunk should still encrypt the file.

Re: System not hashing sslPassword server.conf

edwardrose — Thu, 25 Jul 2019 19:00:29 GMT

well it took care of the server.conf but the web.conf sslPassword is still unencrypted 😞

Re: System not hashing sslPassword server.conf

jasonlashua — Thu, 17 Apr 2025 19:27:37 GMT

SIX years later and this is still the behavior. Why is this even allowed to persist?

The DESIGN of your software practically means the only foolproof way to deploy ssl is to use the password "password" because splunk *just might not* feel like re-hashing anything.

Do YOU think it's worth your time to fix this for the love of the hundreds of millions of dollars you've earned?

@splunk You owe me and my partner some hair.

Re: System not hashing sslPassword server.conf

isoutamo — Thu, 17 Apr 2025 20:34:50 GMT

You should rise a support ticket if you are paid customer otherwise create an idea for this in ideas.splunk.com. Community is not an official Splunk support forum and they don’t take and create cases by questions which are asked here.