Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

unable to access the webUI, and im getting this error in my splunkd.log..anyone know how to fix this?

jbsplunk
Splunk Employee
Splunk Employee
‎01-27-2012 10:53 AM 
01-24-2012 17:35:39.483 -0800 ERROR SSLCommon - Can't read key file /opt/splunk/etc/auth/server.pem errno=101077092 error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt.
01-24-2012 17:35:39.483 -0800 ERROR HTTPServer - SSL context could not be created - error in cert or password is wrong
01-24-2012 17:35:39.483 -0800 ERROR HTTPServer - SSL will not be enable
Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

Chubbybunny
Splunk Employee
Splunk Employee
‎01-27-2012 12:09 PM

I just had a similar problem where my server.conf was configured with the incorrect password:

[sslConfig]
sslKeysfilePassword = KingOfKrunk

You can either edit (sever.conf) and enter the correct password for [sslconfig] 'sslKeysfilePassword' to decrypt server.pem OR generate a new signed cert and key pair using:

$SPLUNK_HOME/bin/genSignedServerCert.sh

this script will allow you to enter a new PEM pass phrase which will need to be transfer into server.conf

View solution in original post

Reply
Solved! Jump to solution

season88481
Contributor
‎04-08-2019 02:43 PM

In my case, since I am not using any SSL encryption for my test Splunk instance. I simply backup/remove both /opt/splunk/etc/system/local/server.conf and the /opt/splunk/etc/auth/server.pem file. Then restart splunkd, this fix my issue.

0 Karma
Reply
Solved! Jump to solution

watsm10
Communicator
‎06-30-2014 02:34 AM

We just encountered the same problem after upgrading from Splunk 5 to Splunk 6.1. We overcame the issue by commenting out the [sslconfig] stanza in server.conf and restarting splunkd. This forces Splunk to generate a new SSL password and all checks passed on start up.

Reply
Solved! Jump to solution

sbarr0
Explorer
‎01-20-2015 10:54 AM

This worked perfectly for me.

Thank you!

0 Karma
Reply
Solved! Jump to solution

neelamsantosh
Path Finder
‎01-28-2016 06:07 AM

Superb, Thanks.

0 Karma
Reply
Solved! Jump to solution
Solution

Chubbybunny
Splunk Employee
Splunk Employee
‎01-27-2012 12:09 PM

I just had a similar problem where my server.conf was configured with the incorrect password:

[sslConfig]
sslKeysfilePassword = KingOfKrunk

You can either edit (sever.conf) and enter the correct password for [sslconfig] 'sslKeysfilePassword' to decrypt server.pem OR generate a new signed cert and key pair using:

$SPLUNK_HOME/bin/genSignedServerCert.sh

this script will allow you to enter a new PEM pass phrase which will need to be transfer into server.conf

Reply
Solved! Jump to solution

dlang
Engager
‎06-14-2012 01:05 PM

as of 4.3

NOTE: This script is deprecated. Instead, use "splunk createssl server-cert".

Reply
Solved! Jump to solution

Sqig
Path Finder
‎01-27-2012 11:01 AM

A few things come to mind initially.

  1. Did your /opt/splunk/etc/auth/splunk.secret file change?
  2. Are you perhaps running Splunk as a different user than usual? For example, if you used to run it as user "root" and are now trying to run it as user "splunk", some things won't work until you chown -R your entire Splunk hierarchy.
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...