Hello, I'm trying to generate a self-signed CA for forwarding-indexer communications.
I'm following this doc - http://docs.splunk.com/Documentation/Splunk/latest/Security/Howtoself-signcertificates
Without any success. When I try to check my new cert, which is combined from the three generated earlier, with openssl.exe, I get the following message:
PS C:\Program Files\Splunk\bin> .\openssl.exe x509 -subject -issuer -dates -noout -in preparedServerCertificate.pem
WARNING: can't open config file: \openssl.cnf
unable to load certificate
1924:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
Also, when I try to use it in inputs.conf, I get the following message:
ERROR SSLCommon - Can't read key file C:\Program files\Splunk\etc\auth\self-signed-certs\preparedServerCertificate.pem errno=151441516 error:0906D06C:PEM routines:PEM_read_bio:no start line.
Does somebody have the right manual to get it working on Windows 2012R2?
My PowerShell script based on the docs looks as follows (updated and works for me):
#Splunk new self-signed certs generate
#more info - http://docs.splunk.com/Documentation/Splunk/latest/Security/Howtoself-signcertificates
$SPLUNK_HOME = "C:\Program files\Splunk"
$pass = "passForSplunk"
$CNroot = "splunk-staging"
$CNserver = "splunk-srv"
$CNforwarders = "splunk-forwarder"
$nl = [Environment]::NewLine
$env:OPENSSL_CONF = "$SPLUNK_HOME\openssl.cnf"
$certDir = $SPLUNK_HOME+"/etc/auth/self-signed-certs"
$scriptDir = (Get-Item -Path ".\" -Verbose).FullName
$keyLength = 2048
mkdir $SPLUNK_HOME/etc/auth/self-signed-certs
cd $SPLUNK_HOME/bin
#generate root key, csr and pem
.\openssl genrsa -des3 -passout pass:$pass -out $certDir/rootCAPrivateKey.key $keyLength
.\openssl req -new -key $certDir/rootCAPrivateKey.key -passin pass:$pass -out $certDir/rootca.csr -subj "/C=US/ST=California/L=Berkley/O=Splunk/OU=Test-staging/CN=$CNroot"
.\openssl x509 -req -in $certDir/rootca.csr -sha1 -signkey $certDir/rootCAPrivateKey.key -passin pass:$pass -CAcreateserial -out $certDir/rootca.pem -days 1095
#Generate and sign server certificate with root CA
.\openssl genrsa -des3 -passout pass:$pass -out $certDir/serverPrivateKey.key $keyLength
.\openssl req -new -key $certDir/serverPrivateKey.key -passin pass:$pass -out $certDir/serverCertificate.csr -subj "/C=US/ST=California/L=Berkley/O=Splunk/OU=Test-staging/CN=$CNserver"
.\openssl x509 -req -in $certDir/serverCertificate.csr -sha1 -CA $certDir/rootca.pem -CAkey $certDir/rootCAPrivateKey.key -CAcreateserial -out $certDir/serverCertificate.pem -days 1095 -passin pass:$pass
#Generate and sign forwarder certificate with root CA
.\openssl genrsa -des3 -passout pass:$pass -out $certDir/forwarderPrivateKey.key $keyLength
.\openssl req -new -key $certDir/forwarderPrivateKey.key -passin pass:$pass -out $certDir/forwarderCertificate.csr -subj "/C=US/ST=California/L=Berkley/O=Splunk/OU=Test-staging/CN=$CNforwarders"
.\openssl x509 -req -in $certDir/forwarderCertificate.csr -sha1 -CA $certDir/rootca.pem -CAkey $certDir/rootCAPrivateKey.key -CAcreateserial -out $certDir/forwarderCertificate.pem -days 1095 -passin pass:$pass
#this is not working due to Windows CR-LF symbol added at the end of each line:
#get-content serverCertificate.pem, serverPrivateKey.key, rootCACertificate.pem | out-file preparedServerCertificate.pem
#this works:
#Consolidate the signed server certificate, the server private key and the CA public key in a single PEM file
cd $certDir
CMD /C "type serverCertificate.pem serverPrivateKey.key rootCA.pem > server.pem"
#Consolidate the signed forwarder certificate, the forwarder private key and the CA public key in a single PEM file
cd $certDir
CMD /C "type forwarderCertificate.pem forwarderPrivateKey.key rootCA.pem > forwarder.pem"
#Updating Splunk inputs.conf to use new self signed certs
$text = "[SSL]"+$nl
$text += "rootCA = $SPLUNK_HOME\etc\auth\self-signed-certs\rootca.pem"+$nl
$text += "serverCert = $SPLUNK_HOME\etc\auth\self-signed-certs\server.pem"+$nl
$text += "password = $pass"+$nl+$nl
$text += "[splunktcp-ssl:9997]"+$nl
$text += "compressed = true"+$nl
Write-host $nl
Write-host ("This should be added in $SPLUNK_HOME\etc\system\local\inputs.conf on Splunk indexer:"+$nl) -foregroundcolor yellow
Write-host $text
Write-host "Script ended. Please restart splunkd after updating inputs.conf (net stop splunkd&&net start splunkd)" -foregroundcolor yellow
cd $scriptDir
However, those keys are not working:
On Server:
error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
On client:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
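An added example, not part of the original post: a PowerShell check for one common cause of "no start line" on a combined PEM file. In Windows PowerShell, Out-File and > write UTF-16 by default, so the file no longer begins with a plain "-----BEGIN" line. Test-PemBundle and the pem-bundle-demo directory are hypothetical names, and the sample files are constructed placeholders, not real key material.

```powershell
# Added example: inspect a combined PEM file for encoding problems and list its blocks.
function Test-PemBundle {
    param([Parameter(Mandatory)][string]$Path)
    $bytes  = [System.IO.File]::ReadAllBytes($Path)
    $issues = @()
    # UTF-16 text starts with FF FE and carries a NUL after every ASCII character.
    if ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFF -and $bytes[1] -eq 0xFE) {
        $issues += 'UTF-16 LE byte-order mark'
    }
    if ($bytes.Length -ge 3 -and $bytes[0] -eq 0xEF -and $bytes[1] -eq 0xBB -and $bytes[2] -eq 0xBF) {
        $issues += 'UTF-8 byte-order mark'
    }
    if ($bytes -contains 0) { $issues += 'NUL bytes: not single-byte text' }
    # PEM block labels in file order, with the bytes decoded as ASCII.
    $text   = [System.Text.Encoding]::ASCII.GetString($bytes)
    $labels = @([regex]::Matches($text, '(?m)^-----BEGIN ([A-Z0-9 ]+)-----\r?$') |
        ForEach-Object { $_.Groups[1].Value })
    [pscustomobject]@{
        File   = Split-Path $Path -Leaf
        Blocks = $labels -join ', '
        Issues = $issues -join '; '
        Usable = ($issues.Count -eq 0 -and $labels.Count -gt 0)
    }
}

# Constructed sample input: three placeholder PEM files in a temp directory.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) 'pem-bundle-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$names = 'serverCertificate.pem', 'serverPrivateKey.key', 'rootca.pem'
$kinds = 'CERTIFICATE', 'RSA PRIVATE KEY', 'CERTIFICATE'
$files = for ($i = 0; $i -lt 3; $i++) {
    $f = Join-Path $dir $names[$i]
    "-----BEGIN $($kinds[$i])-----", 'Q09OU1RSVUNURUQ=', "-----END $($kinds[$i])-----" |
        Set-Content -Path $f -Encoding ascii
    $f
}

# UTF-16 output, requested explicitly so the demo behaves the same in PowerShell 7.
Get-Content $files | Out-File (Join-Path $dir 'bad.pem') -Encoding unicode
# The same concatenation written as single-byte text.
Get-Content $files | Set-Content (Join-Path $dir 'good.pem') -Encoding ascii

'bad.pem', 'good.pem' | ForEach-Object { Test-PemBundle (Join-Path $dir $_) } | Format-List
```

Once a bundle passes this check, `openssl verify -CAfile rootca.pem serverCertificate.pem` confirms that the certificate chains to the CA file that the other side is configured to trust.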