Security

Error opening CA Certificate ca.pem

albyva
Communicator

I just downloaded a new 6.1 copy of Splunk for FreeBSD. After a wget download and running (tar zxvf splunk-6.1.1-207789-freebsd-7.3-amd64.tgz), I felt I was ready to start Splunk. So I ran ( /opt/splunk/bin/splunk start) and this happened < SEE BELOW >.

Any ideas of what might be going on with the ca.pem file issue? I recently upgraded openssl to v1.0.1g. Could that be causing me issues? Or is there some step I've overlooked during the install?

Thanks,

Splunk> Like an F-18, bro.

Checking prerequisites...
    Checking http port [8000]: open
    Checking mgmt port [8089]: open
    Checking configuration...  Done.
    Checking critical directories...        Done
    Checking indexes...
            Validated: _audit _blocksignature _internal _introspection _thefishbucket history main summary
    Done
New certs have been generated in '/opt/splunk/etc/auth'.
    Checking filesystem compatibility...  Done
    Checking conf files for problems...
    Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Done

Starting splunkweb... Generating certs for splunkweb server
Generating a 1024 bit RSA private key
.....++++++
...........................++++++
writing new private key to 'privKeySecure.pem'
Signature ok
subject=/CN=DOMAIN.NAME/O=SplunkUser
Error opening CA Certificate ca.pem
34377709224:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('ca.pem','r')
34377709224:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
Command failed (ret=1), exiting.

0 Karma

gkanapathy
Splunk Employee

For some reason, your startup didn't create the ca.pem on first-time run. You might try running /opt/splunk/bin/splunk cmd genRootCA.sh and see if it will create the file again.


aileencita
New Member

Problem generating certificate because the passphrase was left blank (CentOS)

I had a problem with my certificate because I left the passphrase blank, so then I could not generate another certificate or open the current one 😞

I tried deleting the cakey.pem from your $dir/CA/private

First of all, check your openssl.cnf; in CentOS it is in /etc/pki/tls/openssl.cnf. Check the value dir=xxxxxxx
Enter that path (example: /etc/pki/tls/openssl.cnf) and check $dir

Enter $dir (example: /etc/pki/CA) and find /private
Delete the key file cakey.pem

Now everything should go back to normal.

Try to generate your certificate again (example: $/etc/pki/tls/misc/CA -newca) and that's it!!!

Good luck and I hope this post will be helpful!

0 Karma

gkanapathy
Splunk Employee

You can try ./splunk createssl web-cert to get the splunkweb certificate. If that doesn't work, it may be because the hashed password for the certificate in /opt/splunk/etc/system/local/server.conf in sslKeysFilePassword is now wrong after the regeneration. You can replace that with plaintext password (that's the default password, you can change it with openssl) and Splunk will re-hash it.

0 Karma

albyva
Communicator

It looks like running genRootCA.sh solved my Certificate issues. Thanks. Although it appears splunkweb is failing to kick in. I'll troubleshoot that issue and see if I need to open a new Question.

Thanks.

.
.
.
New certs have been generated in '/opt/splunk/etc/auth'.
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Done

Starting splunkweb... Error starting splunkweb.

albyva
Communicator

To Update, it looks like I've narrowed the issue to (openssl).

root@:/opt/splunk # /usr/bin/openssl req -new -key FILENAME.pem -out FILENAME.csr
Error opening Private Key FILENAME.pem
34381428392:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('FILENAME.pem','r')
34381428392:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load Private Key

I also found this helpful link with another having a similar issue: http://answers.splunk.com/answers/44718/splunkweb-certificates-issue
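
An added example, not part of the thread or of Splunk's own scripts: both openssl errors above are `fopen()` on a relative name (`ca.pem`, `FILENAME.pem`) that does not exist in the working directory, and the replies turn on whether a private key is passphrase-protected. The sh sketch below reports both conditions before openssl or Splunk is run. The function names `pem_state` and `preflight` are hypothetical, and the check only reads PEM armor lines; it does not parse or validate the certificate or key.

```sh
#!/bin/sh
# pem_state FILE: print one word describing FILE and return a status:
#   cert, key-plain, key-encrypted -> 0
#   missing -> 2, unreadable-or-empty -> 3, not-pem -> 4
# A file holding both a key and a certificate is reported as a key.
pem_state() {
    f=$1
    [ -e "$f" ] || { echo missing; return 2; }
    [ -r "$f" ] && [ -s "$f" ] || { echo unreadable-or-empty; return 3; }
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo key-encrypted                      # PKCS#8 encrypted key
    elif grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$f"; then
        # Traditional key format flags encryption in a header line.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
            echo key-encrypted
        else
            echo key-plain
        fi
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
        echo cert
    else
        echo not-pem; return 4
    fi
}

# preflight DIR NAME:WANT ... where WANT is "cert" or "key".
# Names are resolved against DIR explicitly, instead of against whatever
# directory the caller happens to be in (the cause of the fopen errors).
preflight() {
    dir=$1; shift; rc=0
    for spec in "$@"; do
        name=${spec%%:*}; want=${spec#*:}
        got=$(pem_state "$dir/$name") || true
        case "$got" in
            "$want"|"$want"-*) echo "ok    $name ($got)" ;;
            *) echo "FAIL  $name: expected $want, found $got"; rc=1 ;;
        esac
    done
    return $rc
}

# Example call (assumes ca.pem is expected under the directory the startup
# output names):  preflight /opt/splunk/etc/auth ca.pem:cert
```

A `key-encrypted` result means the passphrase configured for that key has to match it, which is the situation the `sslKeysFilePassword` reply describes.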
