Attempting to install local/self-signed certs (Splunk Indexer houses Root CA with a cert distributed to all forwarders), and receiving the following error, ostensibly FIPS-related:
ERROR SSLCommon - Can't read key file /opt/splunkforwarder/etc/auth/mycerts/forwarderchain.pem errno=101351587 error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips.
This is on a Splunk Forwarder with FIPS enabled (all installations will be on Linux FIPS-kernel systems), using Splunk's inboard OpenSSL (1.0.2p-fips; and even if this had failed the latent installation instance is 1.0.2k-fips), and using ciphers that should be validated to generate the keys (-aes256 on key generation, -sha512 for final pem).
Is there some inherent compatibility issue that I'm missing that prevents this setup while in FIPS mode? Has anyone run across a similar error when working through the Splunk documentation for cert generation? I've essentially followed the following pages step for step:
https://docs.splunk.com/Documentation/Splunk/latest/Security/Howtoself-signcertificates
https://docs.splunk.com/Documentation/Splunk/latest/Security/HowtoprepareyoursignedcertificatesforSplunk
https://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkforwardingtousesignedcertificates
I've seen some references about needing to set OPENSSL_FIPS=1 for the OpenSSL instance, but can't tell if that's a change to the openssl.cnf file in /opt/splunkforwarder/openssl/openssl.conf, a general environment setting, or if it's even needed given I have the FIPS OpenSSL package to begin with.
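Added example, not part of the original post: a Python check of which private-key encoding a PEM bundle such as forwarderchain.pem contains. A traditional encrypted key (header "Proc-Type: 4,ENCRYPTED") derives its cipher key from the passphrase with MD5, a digest that OpenSSL refuses in FIPS mode; the function name and the sample bundle are constructed for illustration.

```python
import re
import sys

# Constructed sample bundle: headers only, no real certificate or key material.
SAMPLE_PEM = """\
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

(constructed placeholder)
-----END RSA PRIVATE KEY-----
"""

BLOCK_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)


def classify_pem_blocks(text):
    """Return [(label, verdict), ...] for every PEM block found in text."""
    results = []
    for label, body in BLOCK_RE.findall(text):
        if label == "ENCRYPTED PRIVATE KEY":
            # PKCS#8: the KDF is recorded inside the ASN.1 body and is not
            # inspected here (it can be PBKDF2, or an older MD5-based scheme).
            verdict = "pkcs8-encrypted"
        elif label.endswith("PRIVATE KEY"):
            # Traditional format: encryption is signalled by RFC 1421 headers,
            # and the passphrase-to-key step uses MD5.
            if "Proc-Type: 4,ENCRYPTED" in body:
                verdict = "legacy-encrypted"
            else:
                verdict = "unencrypted"
        else:
            verdict = "not-a-key"
        results.append((label, verdict))
    return results


if __name__ == "__main__":
    # Pass a bundle path as the first argument, or run against the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE_PEM
    for label, verdict in classify_pem_blocks(text):
        print(f"{label}: {verdict}")
```

A "legacy-encrypted" verdict means the key was written in the traditional format, which is what the -aes256 option on key generation produces; rewriting the key as PKCS#8 and checking which KDF that step selects is then the next thing to look at.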