So my certificates are originally from my Windows root certificate authority. One being the splunk cert which was in .pfx format and the other being the root ca's cert which was a .cer .
I then placed these on the Splunk box running linux (RHEL)and converted them to .pem with openssl. Followed by placing them within the /splunk/etc/certs/ directory and then configuring the output.conf file (client side) and the inputs.conf file (Splunk server side). Afterwards, I restarted the splunk service on the client side and splunk running linux (./splunkd restart) but I keep getting the errors shown below. I just don't understand why I'm getting these errors? (Especially because I setup Https for the web interface and it is working perfect via the use of the SplunkCert and splunk private key which was extracted originally from the .pfx). Any help would be appreciated!!!! Thanks 🙂
View full results
_time message _raw
1 21:23.9 Unable to write to file '/splunk/etc/users/admin/search/history/OracleSplunklocaldomain.csv'. Retried 5 times, period=500 ms. error='No such file or directory' 08-08-2012 16:21:23.915 -0400 ERROR SearchResults - Unable to write to file '/splunk/etc/users/admin/search/history/OracleSplunklocaldomain.csv'. Retried 5 times, period=500 ms. error='No such file or directory'
2 18:14.4 (child_3_Fsck) BucketBuilder - Error reading rawdata at offset=118784: rawdata was truncated 08-08-2012 16:18:14.392 -0400 ERROR ProcessTracker - (child_3_Fsck) BucketBuilder - Error reading rawdata at offset=118784: rawdata was truncated
3 18:14.2 SSL server certificate not found, or password is wrong - SSL ports will not be opened 08-08-2012 16:18:14.232 -0400 ERROR TcpInputProc - SSL server certificate not found, or password is wrong - SSL ports will not be opened
4 18:14.2 Can't read key file /splunk/etc/certs/splunkCert.pem errno=151441516 error:0906D06C:PEM routines:PEM_read_bio:no start line. 08-08-2012 16:18:14.232 -0400 ERROR SSLCommon - Can't read key file /splunk/etc/certs/splunkCert.pem errno=151441516 error:0906D06C:PEM routines:PEM_read_bio:no start line.
5 12:53.3 Failed to start the search process.
... View more