Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

System not hashing sslPassword server.conf

edwardrose
Contributor
‎07-25-2019 11:51 AM

Hello All

I am creating an app that will have all the SSL certs and pem files in it. As part of the app I have the following server.conf file and web.conf file.

[sslConfig]
enableSplunkdSSL = 1
allowSslCompression = false
useClientSSLCompression = false
useSplunkdClientSSLCompression = false
sslVersions = tls1.1, tls1.2
sslVersionsForClient = tls1.1, tls1.2
serverCert = $SPLUNK_HOME/etc/apps/mentor_ssl_config/mycerts/key_server_cert.pem
sslRootCAPath = $SPLUNK_HOME/etc/apps/mentor_ssl_config/mycerts/digicert_ca_certs.pem
sslPassword = ez2019Test



[settings]
privKeyPath = $SPLUNK_HOME/etc/apps/mentor_ssl_config/mycerts/wildcard.wv.mentorg.com.key
serverCert = $SPLUNK_HOME/etc/apps/mentor_ssl_config/mycerts/server_inter_root_certs.pem
sslPassword = ez2019Test
splunkdConnectionTimeout = 1400
tools.sessions.timeout = 180

The issue I am having is that the .conf files are not encrypting the password into a hash format and thus the system is failing to check into the deployment server with the following error:

07-25-2019 11:46:33.227 -0700 ERROR SSLCommon - Can't read key file /opt/splunkforwarder/etc/apps/mentor_ssl_config/mycerts/key_server_cert.pem errno=101077092 error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt.
07-25-2019 11:46:33.227 -0700 ERROR HTTPClient - Couldn't initialize SSL Context for HTTPClient in Deployment Client

So the question is why isn't it encrypting the SSLPassword for the server.conf file or the web.conf file in my app?

thanks
ed

0 Karma
Reply

edwardrose
Contributor
‎07-25-2019 11:57 AM

Ok figured it out. /opt/splunkforwarder/etc/system/local/server.conf had sslPassword defined. This caused the app in /opt/splunkforwarder/etc/apps/ssl_config/local/server.conf not to be encrypted. If you ask me that seems like a bug even though etc/system/local takes precedence over etc/apps/ssl_config/local. Splunk should still encrypt the file.

Reply

jasonlashua
Explorer
3 weeks ago

SIX years later and this is still the behavior. Why is this even allowed to persist?

The DESIGN of your software practically means the only foolproof way to deploy ssl is to use the password "password" because splunk *just might not* feel like re-hashing anything. 

Do YOU think it's worth your time to fix this for the love of the hundreds of millions of dollars you've earned?

@splunk You owe me and my partner some hair. 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
3 weeks ago
You should rise a support ticket if you are paid customer otherwise create an idea for this in ideas.splunk.com. Community is not an official Splunk support forum and they don’t take and create cases by questions which are asked here.
0 Karma
Reply

edwardrose
Contributor
‎07-25-2019 12:00 PM

well it took care of the server.conf but the web.conf sslPassword is still unencrypted 😞

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...
Top