Splunk Enterprise Security

Getting error:0906D06C:PEM routines:PEM_read_bio:no start line after activating enableSplunkdSSL in server.conf

BernardEAI
Communicator

I have loaded a SSL Certificate on our development server (Splunk 8.1.4). I added the following to the server.conf file (based on the Splunk docs on what to add to the web.conf file):

[sslConfig]
enableSplunkdSSL = 1
privKeyPath = $SPLUNK_HOME/etc/auth/mycerts/splunk.key
serverCert = $SPLUNK_HOME/etc/auth/mycerts/splunk.pem
 
After restarting Splunk, I found a problem with the kvstors, and after investigating I found that mongod did not restart (running ./splunk _internal call /services/server/info |grep -i kvstore returned <s:key name="kvStoreStatus">failed</s:key>)
 
Running this search in Splunk:
 
index=_internal sourcetype=mongod
 
returns this error:
 
[main] cannot read certificate file: /opt/splunk/etc/auth/mycerts/splunk.key error:0906D06C:PEM routines:PEM_read_bio:no start line
 
I cannot determine why this error is being generated.
Labels (1)
0 Karma
1 Solution

venkatasri
SplunkTrust
SplunkTrust

Hi @BernardEAI 

privKeyPath  do not exist in server conf, its for web conf.  Following settings would suffice in most of the cases.

[sslConfig]

sslPassword (Optional required if server cert, key encrypted)

serverCert  (you can combine key, server cert ... first key file followed by server cert.. save them into single .pem)

sslRootCAPath (Optional)

---

An upvote would be appreciated if this reply helps!

 

View solution in original post

venkatasri
SplunkTrust
SplunkTrust

Hi @BernardEAI 

privKeyPath  do not exist in server conf, its for web conf.  Following settings would suffice in most of the cases.

[sslConfig]

sslPassword (Optional required if server cert, key encrypted)

serverCert  (you can combine key, server cert ... first key file followed by server cert.. save them into single .pem)

sslRootCAPath (Optional)

---

An upvote would be appreciated if this reply helps!

 

Hiattech
Explorer

Is this still the case with 9.1.2? I'm getting the same error though I don't have privKeyPath listed in the server.conf file. My pem does have a password/key when I created it.

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...