Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Getting error:0906D06C:PEM routines:PEM_read_bio:no start line after activating enableSplunkdSSL in server.conf

BernardEAI
Communicator
‎07-21-2021 05:52 AM

I have loaded a SSL Certificate on our development server (Splunk 8.1.4). I added the following to the server.conf file (based on the Splunk docs on what to add to the web.conf file):

[sslConfig]
enableSplunkdSSL = 1
privKeyPath = $SPLUNK_HOME/etc/auth/mycerts/splunk.key
serverCert = $SPLUNK_HOME/etc/auth/mycerts/splunk.pem
 
After restarting Splunk, I found a problem with the kvstors, and after investigating I found that mongod did not restart (running ./splunk _internal call /services/server/info |grep -i kvstore returned <s:key name="kvStoreStatus">failed</s:key>)
 
Running this search in Splunk:
 
index=_internal sourcetype=mongod
 
returns this error:
 
[main] cannot read certificate file: /opt/splunk/etc/auth/mycerts/splunk.key error:0906D06C:PEM routines:PEM_read_bio:no start line
 
I cannot determine why this error is being generated.
Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎07-21-2021 05:30 PM

Hi @BernardEAI 

privKeyPath  do not exist in server conf, its for web conf.  Following settings would suffice in most of the cases.

[sslConfig]

sslPassword (Optional required if server cert, key encrypted)

serverCert  (you can combine key, server cert ... first key file followed by server cert.. save them into single .pem)

sslRootCAPath (Optional)

---

An upvote would be appreciated if this reply helps!

 

View solution in original post

Reply
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎07-21-2021 05:30 PM

Hi @BernardEAI 

privKeyPath  do not exist in server conf, its for web conf.  Following settings would suffice in most of the cases.

[sslConfig]

sslPassword (Optional required if server cert, key encrypted)

serverCert  (you can combine key, server cert ... first key file followed by server cert.. save them into single .pem)

sslRootCAPath (Optional)

---

An upvote would be appreciated if this reply helps!

 

Reply
Solved! Jump to solution

Hiattech
Explorer
‎09-28-2023 01:02 PM

Is this still the case with 9.1.2? I'm getting the same error though I don't have privKeyPath listed in the server.conf file. My pem does have a password/key when I created it.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...