Why is my splunk installation failing to generate cert.pem?

New Member

splunk installation is failing to generate cert.pem

./splunk start

Splunk> Now with more code!

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port []: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _internal _introspection _telemetry _thefishbucket history main summary
Checking filesystem compatibility... Done
Checking conf files for problems...
Checking default conf files for edits...
Validating installed files against hashes from '/home/suk/opt/splunk/splunk-7.2.1-be11b2c46e23-linux-2.6-x86_64-manifest'
All installed files intact.
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Generating a 2048 bit RSA private key

writing new private key to 'privKeySecure.pem'

Signature ok
/home/suk/opt/splunk/$SPLUNK_HOME/etc/auth/splunkweb/cert.pem: No such file or directory
Command failed (ret=1), exiting.

Labels (1)
0 Karma


I know this is old but while setting up a lab to do some clustering I ran into this issue after making some of the "appropriate settings". To get around this for the sake of getting the lab stood up I just removed that part of the line in the:

splunk_dir/etc/system/local/web.conf (have to copy this from /default or you can hand type everything out)

for the privKeyPath and serverCert, I basically removed the $SPLUNK_HOME part so that it was just


(running a cmaster, dserver and fwdr on one server, an indexer cluster on one server, and search heads on another)
Would I do this for a single install or enterprise installation - heck no. This is only for personal labbing.

In your case:
File causing error and where you should fix - /home/suk/opt/splunk/etc/system/default/web.conf
copy that to

imagine in that web.conf file you have
privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/,
serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem

you would want (if you are just trying to get it to work)
privKeyPath = etc/auth/splunkweb/privkey.pem
serverCert = etc/auth/splunkweb/cert.pem

Previous comment is right, you want to install in the /opt/splunk - for me I wanted to "mock up" the lab environment for cluster admin so...

Path Finder

Hey @fearofcasanova , 

Thanks for the answer, this worked like a charm and now my splunkweb is up and running. 



0 Karma



do you execute everything in context of user suk? Usually you have a seperate user and you kind of want to install splunk in /opt/splunk. To do this automagically (and also set SPLUNK_HOME) you can install splunk using your package manager (DEB/RPM):

To your problem: This directory seems broken:

It should be: $SPLUNK_HOME/etc/auth/splunkweb/ with $SPLUNK_HOME being set.


/home/suk/opt/splunk/etc/auth/splunkweb/ as absolute path.

What does echo "$SPLUNK_HOME"print?




Is it owned by the same user/group as the splunkd process? Have you used "chown -R" for your splunk home to be sure?

Kind Regards

0 Karma


Any luck with that?

0 Karma
Get Updates on the Splunk Community!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...