I am creating an app that will have all the SSL certs and pem files in it. As part of the app I have the following server.conf file and web.conf file.
[sslConfig] enableSplunkdSSL = 1 allowSslCompression = false useClientSSLCompression = false useSplunkdClientSSLCompression = false sslVersions = tls1.1, tls1.2 sslVersionsForClient = tls1.1, tls1.2 serverCert = $SPLUNK_HOME/etc/apps/mentor_ssl_config/mycerts/key_server_cert.pem sslRootCAPath = $SPLUNK_HOME/etc/apps/mentor_ssl_config/mycerts/digicert_ca_certs.pem sslPassword = ez2019Test [settings] privKeyPath = $SPLUNK_HOME/etc/apps/mentor_ssl_config/mycerts/wildcard.wv.mentorg.com.key serverCert = $SPLUNK_HOME/etc/apps/mentor_ssl_config/mycerts/server_inter_root_certs.pem sslPassword = ez2019Test splunkdConnectionTimeout = 1400 tools.sessions.timeout = 180
The issue I am having is that the .conf files are not encrypting the password into a hash format and thus the system is failing to check into the deployment server with the following error:
07-25-2019 11:46:33.227 -0700 ERROR SSLCommon - Can't read key file /opt/splunkforwarder/etc/apps/mentor_ssl_config/mycerts/key_server_cert.pem errno=101077092 error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt. 07-25-2019 11:46:33.227 -0700 ERROR HTTPClient - Couldn't initialize SSL Context for HTTPClient in Deployment Client
So the question is why isn't it encrypting the SSLPassword for the server.conf file or the web.conf file in my app?
Ok figured it out. /opt/splunkforwarder/etc/system/local/server.conf had sslPassword defined. This caused the app in /opt/splunkforwarder/etc/apps/ssl_config/local/server.conf not to be encrypted. If you ask me that seems like a bug even though etc/system/local takes precedence over etc/apps/ssl_config/local. Splunk should still encrypt the file.