Security

Why am I unable to use dhfile and 2048 encryption in Splunk Web?

tlam_splunk
Splunk Employee

We have a problem trying to configure the web.conf in Splunk v652 using dhFile at 2048 encryption on Windows Server.

The web.conf line is this:

dhFile = $SPLUNK_HOME\etc\auth\splunkweb\DH2048.pem 

We use the following command to generate it.

#openssl.exe gendh -out "c:\program files\splunk\etc\auth\splunkweb\DH_2048.pem" 2048 

After setting it up, Splunk Web will not start.

See below for the log file:

INFO    [58b61fb8082234be0] root:650 - CONFIG: dhFile (str): $SPLUNK_HOME\etc\auth\splunkweb\DH_2048.pem 
INFO    [58b61fb8082234be0] root:650 - CONFIG: docsCheckerBaseURL (str): https://quickdraw.splunk.com/help 
INFO    [58b61fb8082234be0] root:650 - CONFIG: ecdhCurves (str): secp384r1,secp521r1 
INFO    [58b61fb8082234be0] root:650 - CONFIG: embed_footer (str): splunk>
INFO    [58b61fb8082234be0] root:650 - CONFIG: embed_uri (str): 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enableSplunkWebClientNetloc (bool): False 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enableSplunkWebSSL (bool): False 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enableWebDebug (bool): False 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enable_autocomplete_login (bool): False 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enable_gzip (bool): True 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enable_insecure_login (bool): False 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enable_pivot_adhoc_acceleration (bool): True 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enable_proxy_write (bool): True 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enable_risky_command_check (bool): True 
0 Karma

jcrabb_splunk
Splunk Employee

Just in case someone runs across this post. The solution is to put quotes around the setting:

dhFile = "$SPLUNK_HOME\etc\auth\splunkweb\DH2048.pem"

This same solution was also provided on another answers post:

I ran into a similar issue where if this was applied in server.conf without quotes, the Splunk service would not start on Windows 2008 or 2012. A Linux server was not affected. I have opened a bug to have this reviewed but wanted to comment here so others can see this.

Jacob
Sr. Technical Support Engineer
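
A pre-restart check for the quoting issue described in the answer above, added here as an example (it is not code from the posters or from Splunk). It flags only what the thread reports, an unquoted dhFile value containing backslashes, plus stray whitespace inside the quotes; the name lint_conf and the sample text are assumptions made for illustration.

```python
import re

# Settings whose values are file paths; dhFile is the one from this thread.
PATH_SETTINGS = {"dhFile"}

STANZA_RE = re.compile(r"^\[([^\]]*)\]$")
SETTING_RE = re.compile(r"^([A-Za-z_][\w.\-]*)\s*=\s*(.*)$")


def lint_conf(text, settings=PATH_SETTINGS):
    """Return (line_no, stanza, problem, suggested_line) per risky path setting."""
    findings = []
    stanza = "default"  # settings that appear before any [stanza] header
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = STANZA_RE.match(line)
        if header:
            stanza = header.group(1)
            continue
        setting = SETTING_RE.match(line)
        if not setting or setting.group(1) not in settings:
            continue
        key, value = setting.group(1), setting.group(2)
        quoted = len(value) >= 2 and value[0] == value[-1] == '"'
        inner = value[1:-1] if quoted else value
        fixed = f'{key} = "{inner.strip()}"'
        if not quoted and "\\" in inner:
            # The case reported in the thread: Windows path without quotes.
            findings.append((line_no, stanza, "unquoted path with backslashes", fixed))
        elif quoted and inner != inner.strip():
            # Quoted, but padding inside the quotes becomes part of the path.
            findings.append((line_no, stanza, "whitespace inside the quotes", fixed))
    return findings


# Constructed sample, modelled on the web.conf line in the question.
SAMPLE_WEB_CONF = r"""[settings]
enableSplunkWebSSL = true
dhFile = $SPLUNK_HOME\etc\auth\splunkweb\DH2048.pem
"""

if __name__ == "__main__":
    for line_no, stanza, problem, fixed in lint_conf(SAMPLE_WEB_CONF):
        print(f"line {line_no} [{stanza}]: {problem}; use: {fixed}")
```

Forward-slash paths are not flagged, in line with the report that a Linux server was not affected.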

xavierashe
Contributor

I don't see any errors there. Look in your log files for "ERROR".

0 Karma