Getting Data In

When trying to create a self-sign certificate, why am I receiving "unknown option -config" and "can't open config file" errors?

marcmuher
Explorer

Using Splunk 6.5.1 on Windows Server 2012 R2. Pretty standard installation, one server with Splunk installed on the D drive and a bunch of forwarders.

I'm trying to generate a self-signed certificate using these directions:

http://docs.splunk.com/Documentation/Splunk/6.5.1/Security/Self-signcertificatesforSplunkWeb

When I get to step 4, I put in this line from the d:\splunk\bin directory after (after changing the end from $splunk_home\openssl.cnf)

openssl req -new -key myCAPrivateKey.key -out myCACertificate.csr  -config d:\splunk\openssl.cnf

I get the message

 "WARNING: can't open config file: C:\\wrangler-2.0\\build-home\\ivory/ssl/openssl.cnf 

but it still creates the private key.

The next step, I enter (after again changing the end from $splunk_home\openssl.cnf)

openssl x509 -req -in myCACertificate.csr -signkey myCAPrivateKey.key -out myCACertificate.pem -days 3650  -config d:\splunk\openssl.cnf

I get the reply:

WARNING: can't open config file: C:\\wrangler-2.0\build-home\\ivory/ssl/openssl.cnf

And there I'm stuck. Anyone have any ideas?

dstaulcu
Builder

Do you use btool? (eg. splunk cmd btool ). As you may recall, passing btool as an arg to splunk cmd ensures that the btool process inherits expected environment variables.

For the same reasons, prepend your call to openssl with splunk cmd. (eg. splunk cmd openssl )

BrendanCO
Path Finder

This worked for me, setting up the Cisco eStreamer app. I used the "splunk cmd openssl" command instead of just openssl and it fixed the errors of not finding config files and such! Thank you. 

0 Karma

rbreton
Path Finder

I came across the same issue. From what I gather, OpenSSL can't find a required configuration file. Luckily when installing Splunk the necessary file is placed in "c:\Program Files\Splunk\openssl.cnf". Unfortunately, installing Splunk does not set the %OPENSSL_CONF% system variable that points to the file.

Use the following to see if the system variable is set:
echo %OPENSSL_CONF%

If the variable is not set you can tell Windows to use the configuration file provided by Splunk.
set OPENSSL_CONF=c:\Program Files\Splunk\openssl.cnf

Tags (1)

dhrechkosy
Explorer

Hi,

I'm having this exact issue (Same build and server os). Did you ever find a solution for this?

Thanks,
Devyn

sirkgm14vg
Explorer

Are you trying to do this on Linux machine, or on a Windows machine? I see references to C:\ but then switching of the folder separator. That's more than likely the issue.

0 Karma

marcmuher
Explorer

It's a windows machine. Server 2012 R2. The switching of the folder separators are the replies that I'm getting, not the input.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...