Using Splunk 6.5.1 on Windows Server 2012 R2. Pretty standard installation, one server with Splunk installed on the D drive and a bunch of forwarders.
I'm trying to generate a self-signed certificate using these directions:
When I get to step 4, I put in this line from the d:\splunk\bin directory after (after changing the end from $splunk_home\openssl.cnf)
openssl req -new -key myCAPrivateKey.key -out myCACertificate.csr -config d:\splunk\openssl.cnf
I get the message
"WARNING: can't open config file: C:\\wrangler-2.0\\build-home\\ivory/ssl/openssl.cnf
but it still creates the private key.
The next step, I enter (after again changing the end from $splunk_home\openssl.cnf)
openssl x509 -req -in myCACertificate.csr -signkey myCAPrivateKey.key -out myCACertificate.pem -days 3650 -config d:\splunk\openssl.cnf
I get the reply:
WARNING: can't open config file: C:\\wrangler-2.0\build-home\\ivory/ssl/openssl.cnf
And there I'm stuck. Anyone have any ideas?
Do you use btool? (eg. splunk cmd btool ). As you may recall, passing btool as an arg to splunk cmd ensures that the btool process inherits expected environment variables.
For the same reasons, prepend your call to openssl with splunk cmd. (eg. splunk cmd openssl )
I came across the same issue. From what I gather, OpenSSL can't find a required configuration file. Luckily when installing Splunk the necessary file is placed in "c:\Program Files\Splunk\openssl.cnf". Unfortunately, installing Splunk does not set the %OPENSSL_CONF% system variable that points to the file.
Use the following to see if the system variable is set:
If the variable is not set you can tell Windows to use the configuration file provided by Splunk.
set OPENSSL_CONF=c:\Program Files\Splunk\openssl.cnf