I got these error on pretty much all of my splunk universal forwarder.
03-06-2017 12:25:27.743 +1300 ERROR AuditTrailManager - Private key error Error opening /opt/splunkforwarder/etc/auth/audit/private.pem: No such file or directory
03-06-2017 12:25:07.360 +1300 WARN AuditTrailManager - Private key file does not exist but is defined in audit.conf - no local event signing will take place. You can create auditTrail keys if necessary by running splunk createssl audit-keys
As you mentioned this is a bug. This message should be benign, particularly on a forwarder. However, if you need the two keys that are missing to utilize the signedAudit = true stanzas in inputs.conf, create the audit keys by issuing the following command from $SPLUNK_HOME/bin/:
./splunk createssl audit-keys
if you don't need to sign any events, remove the [auditTrail] stanza from $SPLUNK_HOME/etc/system/default/audit.conf.