Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

unable to access the webUI, and im getting this error in my splunkd.log..anyone know how to fix this?

jbsplunk
Splunk Employee
Splunk Employee
‎01-27-2012 10:53 AM 
01-24-2012 17:35:39.483 -0800 ERROR SSLCommon - Can't read key file /opt/splunk/etc/auth/server.pem errno=101077092 error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt.
01-24-2012 17:35:39.483 -0800 ERROR HTTPServer - SSL context could not be created - error in cert or password is wrong
01-24-2012 17:35:39.483 -0800 ERROR HTTPServer - SSL will not be enable
Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

Chubbybunny
Splunk Employee
Splunk Employee
‎01-27-2012 12:09 PM

I just had a similar problem where my server.conf was configured with the incorrect password:

[sslConfig]
sslKeysfilePassword = KingOfKrunk

You can either edit (sever.conf) and enter the correct password for [sslconfig] 'sslKeysfilePassword' to decrypt server.pem OR generate a new signed cert and key pair using:

$SPLUNK_HOME/bin/genSignedServerCert.sh

this script will allow you to enter a new PEM pass phrase which will need to be transfer into server.conf

View solution in original post

Reply
Solved! Jump to solution

season88481
Contributor
‎04-08-2019 02:43 PM

In my case, since I am not using any SSL encryption for my test Splunk instance. I simply backup/remove both /opt/splunk/etc/system/local/server.conf and the /opt/splunk/etc/auth/server.pem file. Then restart splunkd, this fix my issue.

0 Karma
Reply
Solved! Jump to solution

watsm10
Communicator
‎06-30-2014 02:34 AM

We just encountered the same problem after upgrading from Splunk 5 to Splunk 6.1. We overcame the issue by commenting out the [sslconfig] stanza in server.conf and restarting splunkd. This forces Splunk to generate a new SSL password and all checks passed on start up.

Reply
Solved! Jump to solution

sbarr0
Explorer
‎01-20-2015 10:54 AM

This worked perfectly for me.

Thank you!

0 Karma
Reply
Solved! Jump to solution

neelamsantosh
Path Finder
‎01-28-2016 06:07 AM

Superb, Thanks.

0 Karma
Reply
Solved! Jump to solution
Solution

Chubbybunny
Splunk Employee
Splunk Employee
‎01-27-2012 12:09 PM

I just had a similar problem where my server.conf was configured with the incorrect password:

[sslConfig]
sslKeysfilePassword = KingOfKrunk

You can either edit (sever.conf) and enter the correct password for [sslconfig] 'sslKeysfilePassword' to decrypt server.pem OR generate a new signed cert and key pair using:

$SPLUNK_HOME/bin/genSignedServerCert.sh

this script will allow you to enter a new PEM pass phrase which will need to be transfer into server.conf

Reply
Solved! Jump to solution

dlang
Engager
‎06-14-2012 01:05 PM

as of 4.3

NOTE: This script is deprecated. Instead, use "splunk createssl server-cert".

Reply
Solved! Jump to solution

Sqig
Path Finder
‎01-27-2012 11:01 AM

A few things come to mind initially.

  1. Did your /opt/splunk/etc/auth/splunk.secret file change?
  2. Are you perhaps running Splunk as a different user than usual? For example, if you used to run it as user "root" and are now trying to run it as user "splunk", some things won't work until you chown -R your entire Splunk hierarchy.
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...