Splunk Enterprise Security

Getting error:0906D06C:PEM routines:PEM_read_bio:no start line after activating enableSplunkdSSL in server.conf

BernardEAI
Communicator

I have loaded a SSL Certificate on our development server (Splunk 8.1.4). I added the following to the server.conf file (based on the Splunk docs on what to add to the web.conf file):

[sslConfig]
enableSplunkdSSL = 1
privKeyPath = $SPLUNK_HOME/etc/auth/mycerts/splunk.key
serverCert = $SPLUNK_HOME/etc/auth/mycerts/splunk.pem
 
After restarting Splunk, I found a problem with the kvstors, and after investigating I found that mongod did not restart (running ./splunk _internal call /services/server/info |grep -i kvstore returned <s:key name="kvStoreStatus">failed</s:key>)
 
Running this search in Splunk:
 
index=_internal sourcetype=mongod
 
returns this error:
 
[main] cannot read certificate file: /opt/splunk/etc/auth/mycerts/splunk.key error:0906D06C:PEM routines:PEM_read_bio:no start line
 
I cannot determine why this error is being generated.
Labels (1)
0 Karma
1 Solution

venkatasri
SplunkTrust
SplunkTrust

Hi @BernardEAI 

privKeyPath  do not exist in server conf, its for web conf.  Following settings would suffice in most of the cases.

[sslConfig]

sslPassword (Optional required if server cert, key encrypted)

serverCert  (you can combine key, server cert ... first key file followed by server cert.. save them into single .pem)

sslRootCAPath (Optional)

---

An upvote would be appreciated if this reply helps!

 

View solution in original post

venkatasri
SplunkTrust
SplunkTrust

Hi @BernardEAI 

privKeyPath  do not exist in server conf, its for web conf.  Following settings would suffice in most of the cases.

[sslConfig]

sslPassword (Optional required if server cert, key encrypted)

serverCert  (you can combine key, server cert ... first key file followed by server cert.. save them into single .pem)

sslRootCAPath (Optional)

---

An upvote would be appreciated if this reply helps!

 

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...