Getting the below on Splunk restart
Waiting for web server at https://127.0.0.1:8000 to be available...............................WARNING: Cannot decrypt private key in "/opt/splunk/etc/auth/splunkweb/illinsplunkprd01.corp.amdocs.com.key.pem" without a password. Network communication with splunkweb may fail or hang. Consider using an unencrypted private key for splunkweb's SSL certificate.
if you just have below
should I leave the below only ?
[splunk@illinsplunkprd01 etc]$ cat ./system/local/web.conf
[settings]
httpport = 8000
then ssl will not be enabled.
if you want to enable SSL, you need to follow the procedure I mentioned in my first answer.
NOTE: secret key should be removed from mySplWebPrivKey.key before creating CSR and signing the CSR.
web.conf
[settings]
httpport = 8443
enableSplunkWebSSL = true
privKeyPath = $SPLUNK_HOME/etc/auth/directory/mySplWebPrivKey.key
serverCert = $SPLUNK_HOME/etc/auth/directory/es_web_ssl.pem
# Remove passphrase as Splunk Web doesn't support cert with passphrase
openssl rsa -in mySplWebPrivKey.key -out mySplWebPrivKey.key
Thanks for your inputs
This is my web.conf
[splunk@illinsplunkprd01 etc]$ cat ./system/local/web.conf
[settings]
httpport = 8000
#SSL configuration
enableSplunkWebSSL = true
privKeyPath = /opt/splunk/etc/auth/splunkweb/illinsplunkprd01.corp.amdocs.com.key.pem
serverCert = /opt/splunk/etc/auth/splunkweb/illinsplunkprd01.corp.amdocs.com.cer.pem
[splunk@illinsplunkprd01 etc]$
should I leave the below only ?
[splunk@illinsplunkprd01 etc]$ cat ./system/local/web.conf
[settings]
httpport = 8000
and run the below steps ?
openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem
rename /opt/splunk/etc/auth/server.pem to server.pem.back and restart splunkd.
./splunk restart