Getting Data In

When trying to create a self-sign certificate, why am I receiving "unknown option -config" and "can't open config file" errors?


Using Splunk 6.5.1 on Windows Server 2012 R2. Pretty standard installation, one server with Splunk installed on the D drive and a bunch of forwarders.

I'm trying to generate a self-signed certificate using these directions:

When I get to step 4, I put in this line from the d:\splunk\bin directory after (after changing the end from $splunk_home\openssl.cnf)

openssl req -new -key myCAPrivateKey.key -out myCACertificate.csr  -config d:\splunk\openssl.cnf

I get the message

 "WARNING: can't open config file: C:\\wrangler-2.0\\build-home\\ivory/ssl/openssl.cnf 

but it still creates the private key.

The next step, I enter (after again changing the end from $splunk_home\openssl.cnf)

openssl x509 -req -in myCACertificate.csr -signkey myCAPrivateKey.key -out myCACertificate.pem -days 3650  -config d:\splunk\openssl.cnf

I get the reply:

WARNING: can't open config file: C:\\wrangler-2.0\build-home\\ivory/ssl/openssl.cnf

And there I'm stuck. Anyone have any ideas?


Do you use btool? (eg. splunk cmd btool ). As you may recall, passing btool as an arg to splunk cmd ensures that the btool process inherits expected environment variables.

For the same reasons, prepend your call to openssl with splunk cmd. (eg. splunk cmd openssl )

Path Finder

I came across the same issue. From what I gather, OpenSSL can't find a required configuration file. Luckily when installing Splunk the necessary file is placed in "c:\Program Files\Splunk\openssl.cnf". Unfortunately, installing Splunk does not set the %OPENSSL_CONF% system variable that points to the file.

Use the following to see if the system variable is set:

If the variable is not set you can tell Windows to use the configuration file provided by Splunk.
set OPENSSL_CONF=c:\Program Files\Splunk\openssl.cnf



I'm having this exact issue (Same build and server os). Did you ever find a solution for this?



Are you trying to do this on Linux machine, or on a Windows machine? I see references to C:\ but then switching of the folder separator. That's more than likely the issue.

0 Karma


It's a windows machine. Server 2012 R2. The switching of the folder separators are the replies that I'm getting, not the input.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!