Splunk Enterprise

ERROR MongodRunner [9060 KVStoreConfigurationThread] - Failed to convert PEM to PFX

jeremyhagand61
Communicator

Just putting this here for others who come across this problem since I got no results when I searched here.

After upgrading to Splunk 9.0.1 and configuring an SSL cert for the kvstore I got this error on one of my two instances. On Windows, the kvstore relies on the server cert being in the Windows local machine certificate store. At startup it converts the supplied PEM (with embedded cert and password protected key) into a PFX which it then imports into the store.

The error referenced in Subject is preceded by:

 

ERROR MongodRunner [9060 KVStoreConfigurationThread] - Command cmd="{CMD.EXE /C ( "C:\Program Files\Splunk\bin\openssl.exe" pkcs12 -inkey "C:\Program Files\Splunk\etc\auth\mycerts\splunkd.pem" -in "C:\Program Files\Splunk\etc\auth\mycerts\splunkd.pem" -passin pass:xxxx -export -out "C:\Program Files\Splunk\etc\auth\mycerts\splunkd.pem.pfx" -passout pass:xxxx )}" failed: exited with code 1. unable to load private key\r\n10460:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:.\crypto\evp\evp_enc.c:590:\r\n10460:error:0906A065:PEM routines:PEM_do_header:bad decrypt:.\crypto\pem\pem_lib.c:476:\r\n 

 

I tried this command and it did not work. I tried the openssl command by itself in PowerShell and it DID work. The problem turned out to be one of the special characters in the password I had set on my private key. I used OpenSSL to write out a new copy of the key with a different password with no special characters and, lo and behold, it worked. Just be careful to replace the new password in all locations it might be used (e.g. twice in server.conf and in inputs.conf on an indexer).

The command for changing the password on your key is as follows:

 

.\openssl.exe rsa -aes256 -in mykey.key -out mynewkey.key -passin pass:oldpassword -passout pass:newpassword

 

Just make sure you are aware of what the special character in your old password might be, and use PowerShell, not the command prompt.
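Added example (not from the original post or from Splunk): a PowerShell helper that rejects a new key passphrase containing characters cmd.exe interprets, since the failing command in the log runs through CMD.EXE /C ( ... ) with the passphrase unquoted, and that hands both passphrases to openssl through environment variables rather than pass: arguments. The function names, environment variable names and the chosen character set are assumptions of this example.

```powershell
# Added example; names below are assumptions, not from the post.
# Characters cmd.exe interprets in an unquoted argument. ")" matters here
# because the logged command is wrapped in "CMD.EXE /C ( ... )".
$CmdMeta = '&|<>^%"()!'.ToCharArray()

function Get-CmdMetaCharacter {
    param([Parameter(Mandatory)][string]$Passphrase)
    # Return only the distinct offending characters, never the passphrase.
    $Passphrase.ToCharArray() |
        Where-Object { $CmdMeta -contains $_ } |
        Select-Object -Unique
}

function Set-KeyPassphrase {
    param(
        [Parameter(Mandatory)][string]$OpenSsl,   # path to openssl.exe
        [Parameter(Mandatory)][string]$InKey,
        [Parameter(Mandatory)][string]$OutKey,
        [Parameter(Mandatory)][securestring]$Old,
        [Parameter(Mandatory)][securestring]$New
    )
    $newPlain = [System.Net.NetworkCredential]::new('', $New).Password
    $bad = Get-CmdMetaCharacter -Passphrase $newPlain
    if ($bad) {
        throw "New passphrase contains cmd.exe metacharacters: $($bad -join ' ')"
    }

    # openssl's env: source keeps the passphrases off the command line,
    # so they do not show up in process listings or command-line audit logs.
    $env:OLD_KEY_PASS = [System.Net.NetworkCredential]::new('', $Old).Password
    $env:NEW_KEY_PASS = $newPlain
    try {
        & $OpenSsl rsa -aes256 -in $InKey -out $OutKey `
            -passin 'env:OLD_KEY_PASS' -passout 'env:NEW_KEY_PASS'
        if ($LASTEXITCODE -ne 0) { throw "openssl exited with code $LASTEXITCODE" }
    }
    finally {
        Remove-Item Env:OLD_KEY_PASS, Env:NEW_KEY_PASS -ErrorAction SilentlyContinue
    }
}

# Usage (prompts for both passphrases without echoing them):
# Set-KeyPassphrase -OpenSsl .\openssl.exe -InKey mykey.key -OutKey mynewkey.key `
#     -Old (Read-Host 'Old passphrase' -AsSecureString) `
#     -New (Read-Host 'New passphrase' -AsSecureString)
```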

bseppanen1
Explorer

Just curious what special character you think that may have triggered this?  I'm seeing something possibly similar, but I'm skeptical it would be barfing on a "+"

This is with version 9.0.1, and is what I'm seeing

10-20-2022 15:23:30.702 -0400 INFO loader [5164 MainThread] - JsonWebToken Manager registration with KVStore successful.
10-20-2022 15:23:30.826 -0400 INFO MongodRunner [7720 KVStoreConfigurationThread] - Found an existing PFX certificate
10-20-2022 15:23:30.826 -0400 INFO MongodRunner [7720 KVStoreConfigurationThread] - Using mongod command line --sslCertificateSelector subject=US
10-20-2022 15:23:30.826 -0400 INFO MongodRunner [7720 KVStoreConfigurationThread] - Using mongod command line --tlsDisabledProtocols noTLS1_0,noTLS1_1
10-20-2022 15:23:30.826 -0400 INFO MongodRunner [7720 KVStoreConfigurationThread] - Using mongod command line --sslCipherConfig ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256
10-20-2022 15:23:30.826 -0400 INFO MongodRunner [7720 KVStoreConfigurationThread] - Using mongod command line --noscripting
10-20-2022 15:23:30.873 -0400 ERROR MongodRunner [9524 MongodLogThread] - mongod exited abnormally (exit code 1, status: exited with code 1) - look at mongod.log to investigate.
10-20-2022 15:23:30.873 -0400 ERROR KVStoreBulletinBoardManager [9524 MongodLogThread] - KV Store process terminated abnormally (exit code 1, status exited with code 1). See mongod.log and splunkd.log for details.
10-20-2022 15:23:30.873 -0400 WARN KVStoreConfigurationProvider [9524 MongodLogThread] - Action scheduled, but event loop is not ready yet
10-20-2022 15:23:30.873 -0400 ERROR KVStoreBulletinBoardManager [9524 MongodLogThread] - KV Store changed status to failed. KVStore process terminated..

0 Karma

janderson42
Loves-to-Learn Everything

@bseppanen1 Mine barfed on a "^".

0 Karma

MaxG
New Member

I have a similar issue. Splunk can convert PEM to PFX and import it but mongod cannot find the certificate because of

--sslCertificateSelector subject=US

Mongod picks up the first certificate available with "US" and that one doesn't have an associated private key. I wonder why that happens? 

0 Karma
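Added example (not from the thread or from Splunk): a PowerShell check that lists every certificate a subject selector such as subject=US could match and shows which of them have a private key. It assumes the certificates are in Cert:\LocalMachine\My and that the selector is a substring match on the subject, as the post above describes; the function name is hypothetical.

```powershell
# Added example. Assumptions: store path Cert:\LocalMachine\My and
# substring matching on the certificate subject.
function Get-SelectorCandidate {
    param([Parameter(Mandatory)][string]$SubjectSelector)

    $now = Get-Date
    $found = @(Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
        $_.Subject.IndexOf($SubjectSelector,
            [StringComparison]::OrdinalIgnoreCase) -ge 0
    })

    foreach ($cert in $found) {
        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey        # False: unusable as a server cert
            Expired       = $cert.NotAfter -lt $now
            Ambiguous     = $found.Count -gt 1         # selector matches several certs
        }
    }
}

# More than one row, or a row with HasPrivateKey = False, means the
# selector alone does not pin down the intended server certificate.
Get-SelectorCandidate -SubjectSelector 'US' | Format-Table -AutoSize
```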

jeremyhagand61
Communicator

Pure speculation, since I didn't take the time to test, but I would say & (command concatenation) or ^ (MS-DOS escape character)

0 Karma

jeremyhagand61
Communicator

See my answer in the post

0 Karma