Getting Data In

When trying to create a self-sign certificate, why am I receiving "unknown option -config" and "can't open config file" errors?

marcmuher
Explorer

Using Splunk 6.5.1 on Windows Server 2012 R2. Pretty standard installation, one server with Splunk installed on the D drive and a bunch of forwarders.

I'm trying to generate a self-signed certificate using these directions:

http://docs.splunk.com/Documentation/Splunk/6.5.1/Security/Self-signcertificatesforSplunkWeb

When I get to step 4, I put in this line from the d:\splunk\bin directory after (after changing the end from $splunk_home\openssl.cnf)

openssl req -new -key myCAPrivateKey.key -out myCACertificate.csr  -config d:\splunk\openssl.cnf

I get the message

 "WARNING: can't open config file: C:\\wrangler-2.0\\build-home\\ivory/ssl/openssl.cnf 

but it still creates the private key.

The next step, I enter (after again changing the end from $splunk_home\openssl.cnf)

openssl x509 -req -in myCACertificate.csr -signkey myCAPrivateKey.key -out myCACertificate.pem -days 3650  -config d:\splunk\openssl.cnf

I get the reply:

WARNING: can't open config file: C:\\wrangler-2.0\build-home\\ivory/ssl/openssl.cnf

And there I'm stuck. Anyone have any ideas?

dstaulcu
Builder

Do you use btool? (eg. splunk cmd btool ). As you may recall, passing btool as an arg to splunk cmd ensures that the btool process inherits expected environment variables.

For the same reasons, prepend your call to openssl with splunk cmd. (eg. splunk cmd openssl )

rbreton
Path Finder

I came across the same issue. From what I gather, OpenSSL can't find a required configuration file. Luckily when installing Splunk the necessary file is placed in "c:\Program Files\Splunk\openssl.cnf". Unfortunately, installing Splunk does not set the %OPENSSL_CONF% system variable that points to the file.

Use the following to see if the system variable is set:
echo %OPENSSL_CONF%

If the variable is not set you can tell Windows to use the configuration file provided by Splunk.
set OPENSSL_CONF=c:\Program Files\Splunk\openssl.cnf

dhrechkosy
Explorer

Hi,

I'm having this exact issue (Same build and server os). Did you ever find a solution for this?

Thanks,
Devyn

sirkgm14vg
Explorer

Are you trying to do this on Linux machine, or on a Windows machine? I see references to C:\ but then switching of the folder separator. That's more than likely the issue.

0 Karma

marcmuher
Explorer

It's a windows machine. Server 2012 R2. The switching of the folder separators are the replies that I'm getting, not the input.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!