- Splunk Answers
- :
- Splunk Administration
- :
- Security
- :
- Error opening CA Certificate ca.pem
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just downloaded a new 6.1 copy of Splunk for FreeBSD. After a wget download and running (tar zxvf splunk-6.1.1-207789-freebsd-7.3-amd64.tgz), I felt I was ready to start Splunk. So I ran ( /opt/splunk/bin/splunk start) and this happened < SEE BELOW >.
Any ideas of what might be going on with the ca.pem file issue? I recently upgraded openssl to v1.0.1g. Could that be causing me issues? Or is there some step I've overlooked during the install?
Thanks,
Splunk> Like an F-18, bro.
Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _blocksignature _internal _introspection _thefishbucket history main summary
Done
New certs have been generated in '/opt/splunk/etc/auth'.
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Done
Starting splunkweb... Generating certs for splunkweb server
Generating a 1024 bit RSA private key
.....++++++
...........................++++++
writing new private key to 'privKeySecure.pem'
Signature ok
subject=/CN=DOMAIN.NAME/O=SplunkUser
Error opening CA Certificate ca.pem
34377709224:error:02001002:system library:fopen:No such file or
directory:bss_file.c:398:fopen('ca.pem','r')
34377709224:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
Command failed (ret=1), exiting.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For some reason, your startup didn't create the ca.pem on first-time run. You might try running /opt/splunk/bin/splunk cmd genRootCA.sh and see if it will create the file again.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
,Problem generating Certificate because phassphrase was in blank (CentOs)
I had a problem with my certificate because I left passphrase in blank, so then I could not generate another certificate or open the current one 😞
I tried deleting the cakey.pem from your $dir/CA/private
First at all check your openssl.cnf in CentOs is in /etc/pki/tls/openssl.cnf. Check the value dir=xxxxxxx
Enter in that path (example: /etc/pki/tls/openssl.cnf) and check $dir
Enter in $dir (example: /etc/pki/CA) and find /private
Deletes the key file cakey.pem
Now, everything should going back to normally.
Try to generate your Certificate again (example: $/etc/pki/tls/misc/CA -newca) and That's it!!!
Good luck and I hope this post will be helpful!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For some reason, your startup didn't create the ca.pem on first-time run. You might try running /opt/splunk/bin/splunk cmd genRootCA.sh and see if it will create the file again.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can try ./splunk createssl web-cert to get the splunkweb certificate. If that doesn't work, it may be because the hashed password for the certificate in /opt/splunk/etc/system/local/server.conf in sslKeysFilePassword is now wrong after the regeneration. You can replace that with plaintext password (that's the default password, you can change it with openssl) and Splunk will re-hash it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It looks like running genRootCA.sh solved my Certificate issues. Thanks. Although it appears splunkweb is failing to kick in. I'll troubleshoot that issue and see if I need to open a new Question.
Thanks.
.
.
.
New certs have been generated in '/opt/splunk/etc/auth'.
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Done
Starting splunkweb... Error starting splunkweb.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To Update, it looks like I've narrowed the issue to (openssl).
root@:/opt/splunk # /usr/bin/openssl req -new -key FILENAME.pem -out FILENAME.csr
Error opening Private Key FILENAME.pem
34381428392:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('FILENAME.pem','r')
34381428392:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load Private Key
I also found this helpful link with another having a similar issue: http://answers.splunk.com/answers/44718/splunkweb-certificates-issue
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
Adoption of RUM and APM at Splunk
