30-2015 08:25:01.770 +0000 ERROR SSLCommon - Can't read certificate file /opt/splunk/etc/auth/splunkweb/XXX.key errno=151441516 error:0906D06C:PEM routines:PEM_read_bio:no start line

Hi , Thanks

can you please be more specific ? what exactly i need to do if i have a pfx file

Thanks

Hi, sure

Here is the procedure
https://wiki.splunk.com/Community:SplunkWeb_SSL_3rdPartyCA

But the main thing is that you first have to generate the .key before get the pfx in the procedure that i posted.

Hope i help you

So, the .key file is generated from splunk server , and the pem file is my wildcard certificate?

Thanks

Hi,

no.
1.- you generate the .key
2.- with the key you generate a certificate request .cer
3.- your company CA sign your .cer and give you de public CA and a certificate .pem
Then you configure splunk. 🙂

Hi
As i say, we already have a wildcard certificate from a 3rd party provider.

So,
you should have also the key of the certificate. How they generate this certificate?

Ok, i tried with convert my pfx file to private key using open ssl

then, i convert the pfx to pem file

tried to insert it to splunk:
$SPLUNK_HOME/etc/auth/splunkweb

in addition, i changed the web.conf file to the specific certificate names but after restart the server splunkweb is not opening (tried with http,https)

what logs i need to search for?

index=_internal