topic Re: Install Certificate over 8089 port in Getting Data In

Certificate

venkateshparank — Fri, 21 Aug 2020 18:49:19 GMT

When i try to access server through 8089 where Forwarder is installed, i am seeing Invalid certificate.

"This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store."

How can i install self certification for 8089 port.

Re: Install Certificate over 8089 port

harsmarvania57 — Fri, 21 Aug 2020 12:18:00 GMT

Is this Universal Forwarder or Heavy Forwarder ? If it is UF then do you really need to access management port 8089 via browser ? In most of the cases we disable management port on UF.

Re: Install Certificate over 8089 port

venkateshparank — Fri, 21 Aug 2020 13:02:29 GMT

This is for UF. Usually we dont need to access management port 8089 via browser. I have disabled the HTTP port as well.

But our management wants to have it open and install self generated certificate.

Please suggest.

Re: Install Certificate over 8089 port

harsmarvania57 — Fri, 21 Aug 2020 13:58:13 GMT

You need to configure server.conf on UF with your self generated certificate. If you are using Deployment Server to for UF configuration then there might be possibility that once you implement certificate on UF, connectivity will break between UF and Deployment Server.

server.conf

[sslConfig] enableSplunkdSSL = true serverCert = The full path to the PEM format server certificate file. Default certificates ($SPLUNK_HOME/etc/auth/server.pem) are generated by Splunk at start. To secure Splunk, you should replace the default cert with your own PEM file. sslPassword = your_password sslRootCAPath = absolute path to the operating system's root CA (Certificate Authority) PEM format file containing one or more root CA. Do not configure this attribute on Windows.

Re: Install Certificate over 8089 port

venkateshparank — Fri, 21 Aug 2020 14:25:57 GMT

I placed .pem file under C:\Program Files\SplunkUniversalForwarder\etc\auth\

and added below in server.conf under C:\Program Files\SplunkUniversalForwarder\etc\system\local

[sslConfig]
enableSplunkdSSL = true
serverCert = C:\Program Files\SplunkUniversalForwarder\etc\auth\ufcert.pem

When i try restart UF, the service is not starting. it starts and stops quickly.

Re: Install Certificate over 8089 port

harsmarvania57 — Fri, 21 Aug 2020 14:28:34 GMT

Does your cert key encrypted ? If yes then you need to configure sslPassword in server.conf

Re: Install Certificate over 8089 port

venkateshparank — Fri, 21 Aug 2020 15:08:09 GMT

I see below error when i manually try to decrypt, i got below error:

No bootstrap configuration available for: \etc
Invalid setting for server.conf/[general]/legacyCiphers
Failed to write splunk.secret '\etc\auth\splunk.secret' file. errno=The handle i
s invalid.
File stat cannot be obtained on \etc\auth\splunk.secret.
Unable to get file status for mod-time on file \etc\auth\splunk.secret
error:00000000:lib(0):func(0):reason(0)
AES-GCM Decryption failed!

Splunkd.log:

08-21-2020 07:37:30.442 -0700 ERROR loader - win-service: Error running pre-flight-checks (_pclose returned 4).
08-21-2020 07:37:30.442 -0700 ERROR loader - win-service: Here is the output from running pre-flight-checks:
08-21-2020 07:37:30.442 -0700 ERROR loader - error:00000000:lib(0):func(0):reason(0)
08-21-2020 07:37:30.442 -0700 ERROR loader - AES-GCM Decryption failed!
08-21-2020 07:37:30.442 -0700 ERROR loader - Decryption operation failed: AES-GCM Decryption failed!
08-21-2020 07:37:30.442 -0700 ERROR loader - The certificate generation script did not generate the expected certificate file:C:\%ProgramFiles%\SplunkUniversalForwarder\etc\auth\ufcert.pem. Splunkd port communication will not work.
08-21-2020 07:37:30.442 -0700 ERROR loader - SSL certificate generation failed.
08-21-2020 07:37:30.442 -0700 ERROR loader - <<<<< EOF (pre-flight-checks)
Decryption operation failed: AES-GCM Decryption failed!
Decryption operation failed: AES-GCM Decryption failed!

Re: Install Certificate over 8089 port

venkateshparank — Fri, 21 Aug 2020 15:21:20 GMT

I reset SSL password, now i see below error only:

The certificate generation script did not generate the expected certificate file:C:\%ProgramFiles%\SplunkUniversalForwarder\etc\auth\ufcert.pem. Splunkd port communication will not work.
08-21-2020 08:13:53.406 -0700 ERROR loader - SSL certificate generation failed.

Re: Install Certificate over 8089 port

harsmarvania57 — Tue, 25 Aug 2020 10:47:37 GMT

Looks like ufcert.pem permission issue, splunk should not generate that certificate.