Security

unable to access the webUI, and im getting this error in my splunkd.log..anyone know how to fix this?

jbsplunk
Splunk Employee
Splunk Employee
01-24-2012 17:35:39.483 -0800 ERROR SSLCommon - Can't read key file /opt/splunk/etc/auth/server.pem errno=101077092 error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt.
01-24-2012 17:35:39.483 -0800 ERROR HTTPServer - SSL context could not be created - error in cert or password is wrong
01-24-2012 17:35:39.483 -0800 ERROR HTTPServer - SSL will not be enable
Tags (1)
1 Solution

Chubbybunny
Splunk Employee
Splunk Employee

I just had a similar problem where my server.conf was configured with the incorrect password:

[sslConfig]
sslKeysfilePassword = KingOfKrunk

You can either edit (sever.conf) and enter the correct password for [sslconfig] 'sslKeysfilePassword' to decrypt server.pem OR generate a new signed cert and key pair using:

$SPLUNK_HOME/bin/genSignedServerCert.sh

this script will allow you to enter a new PEM pass phrase which will need to be transfer into server.conf

View solution in original post

season88481
Contributor

In my case, since I am not using any SSL encryption for my test Splunk instance. I simply backup/remove both /opt/splunk/etc/system/local/server.conf and the /opt/splunk/etc/auth/server.pem file. Then restart splunkd, this fix my issue.

0 Karma

watsm10
Communicator

We just encountered the same problem after upgrading from Splunk 5 to Splunk 6.1. We overcame the issue by commenting out the [sslconfig] stanza in server.conf and restarting splunkd. This forces Splunk to generate a new SSL password and all checks passed on start up.

WumboJumbo675
Explorer

Thanks so much. This 10 year old post helped me resolve my issue!

0 Karma

sbarr0
Explorer

This worked perfectly for me.

Thank you!

0 Karma

neelamsantosh
Path Finder

Superb, Thanks.

0 Karma

Chubbybunny
Splunk Employee
Splunk Employee

I just had a similar problem where my server.conf was configured with the incorrect password:

[sslConfig]
sslKeysfilePassword = KingOfKrunk

You can either edit (sever.conf) and enter the correct password for [sslconfig] 'sslKeysfilePassword' to decrypt server.pem OR generate a new signed cert and key pair using:

$SPLUNK_HOME/bin/genSignedServerCert.sh

this script will allow you to enter a new PEM pass phrase which will need to be transfer into server.conf

dlang
Engager

as of 4.3

NOTE: This script is deprecated. Instead, use "splunk createssl server-cert".

Sqig
Path Finder

A few things come to mind initially.

  1. Did your /opt/splunk/etc/auth/splunk.secret file change?
  2. Are you perhaps running Splunk as a different user than usual? For example, if you used to run it as user "root" and are now trying to run it as user "splunk", some things won't work until you chown -R your entire Splunk hierarchy.
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...