Getting Data In

When trying to create a self-sign certificate, why am I receiving "unknown option -config" and "can't open config file" errors?

marcmuher
Explorer

Using Splunk 6.5.1 on Windows Server 2012 R2. Pretty standard installation, one server with Splunk installed on the D drive and a bunch of forwarders.

I'm trying to generate a self-signed certificate using these directions:

http://docs.splunk.com/Documentation/Splunk/6.5.1/Security/Self-signcertificatesforSplunkWeb

When I get to step 4, I put in this line from the d:\splunk\bin directory after (after changing the end from $splunk_home\openssl.cnf)

openssl req -new -key myCAPrivateKey.key -out myCACertificate.csr  -config d:\splunk\openssl.cnf

I get the message

 "WARNING: can't open config file: C:\\wrangler-2.0\\build-home\\ivory/ssl/openssl.cnf 

but it still creates the private key.

The next step, I enter (after again changing the end from $splunk_home\openssl.cnf)

openssl x509 -req -in myCACertificate.csr -signkey myCAPrivateKey.key -out myCACertificate.pem -days 3650  -config d:\splunk\openssl.cnf

I get the reply:

WARNING: can't open config file: C:\\wrangler-2.0\build-home\\ivory/ssl/openssl.cnf

And there I'm stuck. Anyone have any ideas?

dstaulcu
Builder

Do you use btool? (eg. splunk cmd btool ). As you may recall, passing btool as an arg to splunk cmd ensures that the btool process inherits expected environment variables.

For the same reasons, prepend your call to openssl with splunk cmd. (eg. splunk cmd openssl )

BrendanCO
Path Finder

This worked for me, setting up the Cisco eStreamer app. I used the "splunk cmd openssl" command instead of just openssl and it fixed the errors of not finding config files and such! Thank you. 

0 Karma

rbreton
Path Finder

I came across the same issue. From what I gather, OpenSSL can't find a required configuration file. Luckily when installing Splunk the necessary file is placed in "c:\Program Files\Splunk\openssl.cnf". Unfortunately, installing Splunk does not set the %OPENSSL_CONF% system variable that points to the file.

Use the following to see if the system variable is set:
echo %OPENSSL_CONF%

If the variable is not set you can tell Windows to use the configuration file provided by Splunk.
set OPENSSL_CONF=c:\Program Files\Splunk\openssl.cnf

Tags (1)

dhrechkosy
Explorer

Hi,

I'm having this exact issue (Same build and server os). Did you ever find a solution for this?

Thanks,
Devyn

sirkgm14vg
Explorer

Are you trying to do this on Linux machine, or on a Windows machine? I see references to C:\ but then switching of the folder separator. That's more than likely the issue.

0 Karma

marcmuher
Explorer

It's a windows machine. Server 2012 R2. The switching of the folder separators are the replies that I'm getting, not the input.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...