Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

WARNING: Cannot decrypt private key

rayar
Contributor
‎09-13-2020 12:02 AM

Getting the below  on Splunk restart 

 

Waiting for web server at https://127.0.0.1:8000 to be available...............................WARNING: Cannot decrypt private key in "/opt/splunk/etc/auth/splunkweb/illinsplunkprd01.corp.amdocs.com.key.pem" without a password. Network communication with splunkweb may fail or hang. Consider using an unencrypted private key for splunkweb's SSL certificate.

 

Labels (1)
Labels
0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎09-13-2020 09:00 AM

if you just have below 

should I leave the below only ? 

[splunk@illinsplunkprd01 etc]$ cat ./system/local/web.conf
[settings]
httpport = 8000

then ssl will not be enabled.

if you want to enable SSL, you need to follow the procedure I mentioned in my first answer.

————————————
If this helps, give a like below.
0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎09-13-2020 02:00 AM

NOTE: secret key should be removed from mySplWebPrivKey.key before creating CSR and signing the CSR.

web.conf

 

[settings]
httpport = 8443
enableSplunkWebSSL = true
privKeyPath = $SPLUNK_HOME/etc/auth/directory/mySplWebPrivKey.key
serverCert = $SPLUNK_HOME/etc/auth/directory/es_web_ssl.pem

 

# Remove passphrase as Splunk Web doesn't support cert with passphrase
openssl rsa -in mySplWebPrivKey.key -out mySplWebPrivKey.key

————————————
If this helps, give a like below.
Reply

rayar
Contributor
‎09-13-2020 02:46 AM

Thanks for your inputs 

This is my web.conf 

 

[splunk@illinsplunkprd01 etc]$ cat ./system/local/web.conf
[settings]
httpport = 8000

#SSL configuration
enableSplunkWebSSL = true
privKeyPath = /opt/splunk/etc/auth/splunkweb/illinsplunkprd01.corp.amdocs.com.key.pem
serverCert = /opt/splunk/etc/auth/splunkweb/illinsplunkprd01.corp.amdocs.com.cer.pem
[splunk@illinsplunkprd01 etc]$

 

should I leave the below only ? 

[splunk@illinsplunkprd01 etc]$ cat ./system/local/web.conf
[settings]
httpport = 8000

and run the below steps  ? 

openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem

 rename /opt/splunk/etc/auth/server.pem to server.pem.back and restart splunkd.

./splunk restart

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Seamless IT/OT Security: A Hands-On Look at the Cisco Cyber Vision Splunk Add-on

With just a few clicks, you can ingest critical OT asset details, vulnerabilities, baseline deviations, ...

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...