
Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

Contributor

After upgrading from Splunk Enterprise 6.4.3 to 6.5.0, the ldapsearch in Splunk Supporting Add-on for Active Directory (2.1.3) is now getting the error - "SSL configuration issue: invalid CA public key file". Searches worked before the upgrade.


Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

Communicator

This is likely due to the way that Splunk changed the SSL key-value pairs in version 6.5.0. Did you update your local server.conf and ssl.conf configurations with the new SSL stanzas?

sslRootCAPath = <path>
* Full path to the operating system's root CA (Certificate Authority)
  certificate store.
* The <path> must refer to a PEM format file containing one or more root CA
  certificates concatenated together.
* Required for Common Criteria.
* NOTE: Splunk plans to submit Splunk Enterprise for Common Criteria
  evaluation. Splunk does not support using the product in Common
  Criteria mode until it has been certified by NIAP. See the "Securing
  Splunk Enterprise" manual for information on the status of Common
  Criteria certification.
* This setting is not used on Windows.
* Default is unset.

caCertFile = <filename>
* DEPRECATED; use 'sslRootCAPath' instead.
* Used only if 'sslRootCAPath' is unset.
* File name (relative to 'caPath') of the CA (Certificate Authority)
  certificate PEM format file containing one or more certificates concatenated
  together.
* Default is cacert.pem.


Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

Contributor

I am running on Windows Server, is this still valid?

0 Karma

Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

Communicator

Because the documentation doesn't give a Windows alternative, I believe it's your best bet to give it a try and see if it gets fixed. Otherwise I'd open a ticket with Splunk support.

0 Karma

Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

Contributor

I opened a ticket with support. To resolve my issue I added an ssl.conf to \etc\system\local.

ssl.conf contained -

[sslConfig]

sslVersions = tls
caCertFile = E:\Splunk\etc\auth\cacert.pem

Note - entire path was needed to get it to see the cert.


Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

Path Finder

This also worked for me... just added the below in the local ssl.conf:

caCertFile = E:\Splunk\etc\auth\cacert.pem

0 Karma

Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

Path Finder

This also helped me solve the issue.

0 Karma

Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

Builder

I fixed this by turning off the SSL connection to the Domain Controller.

My next task is to figure out what changed with the DC certificate and get that updated.

I have Splunk Supporting Add-on for Active Directory 2.1.3, but I found the answer in the docs for version 1.2.2

From http://docs.splunk.com/Documentation/ActiveDirectory/1.2.2/DeployAD/ConfiguretheSA-ldapsearchsupport...

Whether or not SA-ldapsearch should attempt to connect to the GC server using Secure Sockets Layer (SSL). Set to true to connect with SSL and false to connect without SSL.

Important: If you specify true for this attribute, then the GC server you specify must have a valid SSL certificate installed. For additional information, review "How to enable LDAP over SSL with a third-party certification authority" (http://support.microsoft.com/kb/321051) and "How to troubleshoot LDAP over SSL connection problems" (http://support.microsoft.com/kb/938703) on Microsoft's support site. Defaults to false.
0 Karma

Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

Builder

I'm glad that solution worked for you. Unfortunately, it did not work for me.

The docs for the add-on (http://docs.splunk.com/Documentation/SA-LdapSearch/2.1.3/User/ConfiguretheSplunkSupportingAdd-onforA...) say ssl.conf should be in $SPLUNK_HOME/etc/apps/SA-ldapsearch/local.

So here is the ssl.conf file I created:

[sslconfig]
sslVersions = tls
caCertFile=/opt/splunk/etc/auth/cacert.pem

I then re-enabled SSL to the DC.

But after I restarted Splunk, with the ssl.conf in the $SPLUNK_HOME/etc/apps/SA-ldapsearch/local folder, I get the original error. If I put ssl.conf in the location suggested by tech support, I get the following errors on restart:

Invalid key in stanza [sslconfig] in /opt/splunk/etc/system/local/ssl.conf, line 2: sslVersions  (value:  tls).
Invalid key in stanza [sslconfig] in /opt/splunk/etc/system/local/ssl.conf, line 3: caCertFile (value: /opt/splunk/etc/auth/cacert.pem).

AND I still get the original error.

So I guess I'm going to have to open my own ticket.

0 Karma

Re: Why am I now getting "SSL configuration issue: invalid CA public key file" from Splunk Supporting Add-on for Active Directory after upgrading ?

Path Finder

sslConfig is case sensitive.

0 Karma
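
The replies above come down to three checks on ssl.conf: the stanza must be spelled [sslConfig] with that exact case, caCertFile must be a full path, and the file it names must hold PEM certificates. The lint below is an added example, not part of the thread and not Splunk or add-on code; the function names and the read_file hook are assumptions made for illustration.

```python
import ntpath
import posixpath
import re

# One PEM certificate block: BEGIN marker, base64 body, END marker.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+[A-Za-z0-9+/=\s]+?-----END CERTIFICATE-----")

def parse_conf(text):
    """Parse .conf text into {stanza: {key: value}}, preserving case."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def lint_ssl_conf(text, read_file=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    stanzas = parse_conf(text)
    for name in stanzas:
        # Flag [sslconfig], [SSLConfig], ... but not the exact spelling.
        if name != "sslConfig" and name.lower() == "sslconfig":
            findings.append(f"stanza [{name}] should be spelled [sslConfig]")
    ca = stanzas.get("sslConfig", {}).get("caCertFile")
    if ca is None:
        findings.append("no caCertFile under [sslConfig]")
        return findings
    # Accept Windows (E:\...) and POSIX (/opt/...) full paths.
    if not (ntpath.isabs(ca) or posixpath.isabs(ca)):
        findings.append(f"caCertFile '{ca}' is not a full path")
    if read_file is not None:  # hypothetical hook: callable(path) -> file text
        try:
            pem = read_file(ca)
        except OSError as exc:
            findings.append(f"cannot read '{ca}': {exc}")
        else:
            if not PEM_BLOCK.search(pem):
                findings.append(f"'{ca}' contains no PEM certificate block")
    return findings
```

On a real host, pass read_file=lambda p: open(p).read() so the CA file itself is checked as well as the stanza.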