Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Getting error:0906D06C:PEM routines:PEM_read_bio:no start line after activating enableSplunkdSSL in server.conf

BernardEAI
Communicator
‎07-21-2021 05:52 AM

I have loaded a SSL Certificate on our development server (Splunk 8.1.4). I added the following to the server.conf file (based on the Splunk docs on what to add to the web.conf file):

[sslConfig]
enableSplunkdSSL = 1
privKeyPath = $SPLUNK_HOME/etc/auth/mycerts/splunk.key
serverCert = $SPLUNK_HOME/etc/auth/mycerts/splunk.pem
 
After restarting Splunk, I found a problem with the kvstors, and after investigating I found that mongod did not restart (running ./splunk _internal call /services/server/info |grep -i kvstore returned <s:key name="kvStoreStatus">failed</s:key>)
 
Running this search in Splunk:
 
index=_internal sourcetype=mongod
 
returns this error:
 
[main] cannot read certificate file: /opt/splunk/etc/auth/mycerts/splunk.key error:0906D06C:PEM routines:PEM_read_bio:no start line
 
I cannot determine why this error is being generated.
Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎07-21-2021 05:30 PM

Hi @BernardEAI 

privKeyPath  do not exist in server conf, its for web conf.  Following settings would suffice in most of the cases.

[sslConfig]

sslPassword (Optional required if server cert, key encrypted)

serverCert  (you can combine key, server cert ... first key file followed by server cert.. save them into single .pem)

sslRootCAPath (Optional)

---

An upvote would be appreciated if this reply helps!

 

View solution in original post

Reply
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎07-21-2021 05:30 PM

Hi @BernardEAI 

privKeyPath  do not exist in server conf, its for web conf.  Following settings would suffice in most of the cases.

[sslConfig]

sslPassword (Optional required if server cert, key encrypted)

serverCert  (you can combine key, server cert ... first key file followed by server cert.. save them into single .pem)

sslRootCAPath (Optional)

---

An upvote would be appreciated if this reply helps!

 

Reply
Solved! Jump to solution

Hiattech
Explorer
‎09-28-2023 01:02 PM

Is this still the case with 9.1.2? I'm getting the same error though I don't have privKeyPath listed in the server.conf file. My pem does have a password/key when I created it.

0 Karma
Reply
Get Updates on the Splunk Community!

How to Get Started with Splunk Data Management Pipeline Builders (Edge Processor & ...

If you want to gain full control over your growing data volumes, check out Splunk’s Data Management pipeline ...

Out of the Box to Up And Running - Streamlined Observability for Your Cloud ...

  Tech Talk Streamlined Observability for Your Cloud Environment Register    Out of the Box to Up And Running ...

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...