We encountered some error on default certificates that are expiring. WE renewed the certificates but now we want to know if there is a command to check when will a certificate expire. I tried this command:
/opt/splunk/bin/openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem
However, I am getting message:
/opt/splunk/bin/openssl: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory
Thanks in advance.
As others have pointed out, the openssl library can of course be used. But, if you wanted to specifically hit the openssl binary from Splunk:
/opt/splunk/bin/splunk cmd openssl x509 -enddate -noout -in <PATH TO CERTIFICATE>
If you want to use the Splunk internal openssl, you have to source setSplunkEnv first. To `source` something in linux you can use the command source or like in my example a . (dot)
$: which openssl
/bin/openssl
$: . /opt/splunk/bin/setSplunkEnv
Tab-completion of "splunk <verb> <object>" is available.
$: which openssl
~/bin/openssl
Hello @leirga11
Update: you can just use the system's version of openssl (without /opt/splunk/bin/ 😞
openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem
is this a tgz splunk setup? Check that a corresponding libssl file present. Use strace -e open to check which files are being opened.
ldd - print shared library dependencies
$ ldd /opt/splunk/bin/openssl
linux-vdso.so.1 => (0x00007ffe6c3c4000)
libssl.so.1.0.0 => /opt/splunk/lib/libssl.so.1.0.0 (0x00007f7a76613000)
libcrypto.so.1.0.0 => /opt/splunk/lib/libcrypto.so.1.0.0 (0x00007f7a7618c000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f7a75f88000)
libz.so.1 => /opt/splunk/lib/libz.so.1 (0x00007f7a765ee000)
libc.so.6 => /lib64/libc.so.6 (0x00007f7a75bba000)
/lib64/ld-linux-x86-64.so.2 (0x00007f7a76469000)
openssl - expected behaviour:
$ /opt/splunk/bin/openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
bf:66:ed:f8:8d:d2:74:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, L=San Francisco, O=Splunk, CN=SplunkCommonCA/emailAddress=support@splunk.com
Validity
Not Before: Feb 8 13:40:25 2020 GMT
Not After : Feb 7 13:40:25 2023 GMT
...
strace - trace system calls and signals
$ strace -e open /opt/splunk/bin/openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem
open("/opt/splunk/lib/tls/x86_64/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/tls/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/x86_64/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
open("/opt/splunk/lib/libcrypto.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3