Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

unable to access the webUI, and im getting this error in my splunkd.log..anyone know how to fix this?

jbsplunk
Splunk Employee
Splunk Employee
‎01-27-2012 10:53 AM 
01-24-2012 17:35:39.483 -0800 ERROR SSLCommon - Can't read key file /opt/splunk/etc/auth/server.pem errno=101077092 error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt.
01-24-2012 17:35:39.483 -0800 ERROR HTTPServer - SSL context could not be created - error in cert or password is wrong
01-24-2012 17:35:39.483 -0800 ERROR HTTPServer - SSL will not be enable
Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

Chubbybunny
Splunk Employee
Splunk Employee
‎01-27-2012 12:09 PM

I just had a similar problem where my server.conf was configured with the incorrect password:

[sslConfig]
sslKeysfilePassword = KingOfKrunk

You can either edit (sever.conf) and enter the correct password for [sslconfig] 'sslKeysfilePassword' to decrypt server.pem OR generate a new signed cert and key pair using:

$SPLUNK_HOME/bin/genSignedServerCert.sh

this script will allow you to enter a new PEM pass phrase which will need to be transfer into server.conf

View solution in original post

Reply
Solved! Jump to solution

season88481
Contributor
‎04-08-2019 02:43 PM

In my case, since I am not using any SSL encryption for my test Splunk instance. I simply backup/remove both /opt/splunk/etc/system/local/server.conf and the /opt/splunk/etc/auth/server.pem file. Then restart splunkd, this fix my issue.

0 Karma
Reply
Solved! Jump to solution

watsm10
Communicator
‎06-30-2014 02:34 AM

We just encountered the same problem after upgrading from Splunk 5 to Splunk 6.1. We overcame the issue by commenting out the [sslconfig] stanza in server.conf and restarting splunkd. This forces Splunk to generate a new SSL password and all checks passed on start up.

Reply
Solved! Jump to solution

WumboJumbo675
Explorer
‎07-04-2024 11:05 AM

Thanks so much. This 10 year old post helped me resolve my issue!

0 Karma
Reply
Solved! Jump to solution

sbarr0
Explorer
‎01-20-2015 10:54 AM

This worked perfectly for me.

Thank you!

0 Karma
Reply
Solved! Jump to solution

neelamsantosh
Path Finder
‎01-28-2016 06:07 AM

Superb, Thanks.

0 Karma
Reply
Solved! Jump to solution
Solution

Chubbybunny
Splunk Employee
Splunk Employee
‎01-27-2012 12:09 PM

I just had a similar problem where my server.conf was configured with the incorrect password:

[sslConfig]
sslKeysfilePassword = KingOfKrunk

You can either edit (sever.conf) and enter the correct password for [sslconfig] 'sslKeysfilePassword' to decrypt server.pem OR generate a new signed cert and key pair using:

$SPLUNK_HOME/bin/genSignedServerCert.sh

this script will allow you to enter a new PEM pass phrase which will need to be transfer into server.conf

Reply
Solved! Jump to solution

dlang
Engager
‎06-14-2012 01:05 PM

as of 4.3

NOTE: This script is deprecated. Instead, use "splunk createssl server-cert".

Reply
Solved! Jump to solution

Sqig
Path Finder
‎01-27-2012 11:01 AM

A few things come to mind initially.

  1. Did your /opt/splunk/etc/auth/splunk.secret file change?
  2. Are you perhaps running Splunk as a different user than usual? For example, if you used to run it as user "root" and are now trying to run it as user "splunk", some things won't work until you chown -R your entire Splunk hierarchy.
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...