Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is my splunk installation failing to generate cert.pem?

sukeerthij
New Member
‎11-28-2018 02:16 AM

splunk installation is failing to generate cert.pem

./splunk start

Splunk> Now with more code!

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _internal _introspection _telemetry _thefishbucket history main summary
Done
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/home/suk/opt/splunk/splunk-7.2.1-be11b2c46e23-linux-2.6-x86_64-manifest'
All installed files intact.
Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Generating a 2048 bit RSA private key
...............................................+++++
........+++++

writing new private key to 'privKeySecure.pem'

Signature ok
subject=/CN=localhost.localdomain/O=SplunkUser
/home/suk/opt/splunk/$SPLUNK_HOME/etc/auth/splunkweb/cert.pem: No such file or directory
Command failed (ret=1), exiting.

0 Karma
Reply

fearofcasanova
Engager
‎09-06-2019 11:54 PM

I know this is old but while setting up a lab to do some clustering I ran into this issue after making some of the "appropriate settings". To get around this for the sake of getting the lab stood up I just removed that part of the line in the:

splunk_dir/etc/system/local/web.conf (have to copy this from /default or you can hand type everything out)

for the privKeyPath and serverCert, I basically removed the $SPLUNK_HOME part so that it was just

etc/auth/splunkweb/privkey.pem
etc/auth/splunkweb/cert.pem

(running a cmaster, dserver and fwdr on one server, an indexer cluster on one server, and search heads on another)
Would I do this for a single install or enterprise installation - heck no. This is only for personal labbing.

In your case:
File causing error and where you should fix - /home/suk/opt/splunk/etc/system/default/web.conf
copy that to
/home/suk/opt/splunk/etc/system/local/

imagine in that web.conf file you have
privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/privkey.pe,
serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem

you would want (if you are just trying to get it to work)
privKeyPath = etc/auth/splunkweb/privkey.pem
serverCert = etc/auth/splunkweb/cert.pem

Previous comment is right, you want to install in the /opt/splunk - for me I wanted to "mock up" the lab environment for cluster admin so...

Reply

im_bharath
Path Finder
‎10-20-2022 07:24 AM

Hey @fearofcasanova , 

Thanks for the answer, this worked like a charm and now my splunkweb is up and running. 

 

Thanks, 

0 Karma
Reply

bjoernjensen
Contributor
‎12-06-2018 02:53 AM

Hey,

do you execute everything in context of user suk? Usually you have a seperate user and you kind of want to install splunk in /opt/splunk. To do this automagically (and also set SPLUNK_HOME) you can install splunk using your package manager (DEB/RPM):
http://docs.splunk.com/Documentation/Splunk/7.2.1/SearchTutorial/InstallSplunk#Install_the_Splunk_En...

To your problem: This directory seems broken:
/home/suk/opt/splunk/$SPLUNK_HOME/etc/auth/splunkweb/

It should be: $SPLUNK_HOME/etc/auth/splunkweb/ with $SPLUNK_HOME being set.

or

/home/suk/opt/splunk/etc/auth/splunkweb/ as absolute path.

What does echo "$SPLUNK_HOME"print?

Cheerz,
Björn

Reply

dkeck
Influencer
‎11-28-2018 06:03 AM

HI

Is it owned by the same user/group as the splunkd process? Have you used "chown -R" for your splunk home to be sure?

Kind Regards

0 Karma
Reply

dkeck
Influencer
‎12-06-2018 01:37 AM

Any luck with that?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Registration is OPEN!

Ready. Set. Splunk! Your favorite Splunk user event is back and better than ever. Get ready for more technical ...

Detecting Cross-Channel Fraud with Splunk

This article is the final installment in our three-part series exploring fraud detection techniques using ...

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...