01-24-2012 17:35:39.483 -0800 ERROR SSLCommon - Can't read key file /opt/splunk/etc/auth/server.pem errno=101077092 error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt.
01-24-2012 17:35:39.483 -0800 ERROR HTTPServer - SSL context could not be created - error in cert or password is wrong
01-24-2012 17:35:39.483 -0800 ERROR HTTPServer - SSL will not be enable
I just had a similar problem where my server.conf was configured with the incorrect password:
[sslConfig]
sslKeysfilePassword = KingOfKrunk
You can either edit (sever.conf) and enter the correct password for [sslconfig] 'sslKeysfilePassword' to decrypt server.pem OR generate a new signed cert and key pair using:
$SPLUNK_HOME/bin/genSignedServerCert.sh
this script will allow you to enter a new PEM pass phrase which will need to be transfer into server.conf
In my case, since I am not using any SSL encryption for my test Splunk instance. I simply backup/remove both /opt/splunk/etc/system/local/server.conf and the /opt/splunk/etc/auth/server.pem file. Then restart splunkd, this fix my issue.
We just encountered the same problem after upgrading from Splunk 5 to Splunk 6.1. We overcame the issue by commenting out the [sslconfig] stanza in server.conf and restarting splunkd. This forces Splunk to generate a new SSL password and all checks passed on start up.
This worked perfectly for me.
Thank you!
Superb, Thanks.
I just had a similar problem where my server.conf was configured with the incorrect password:
[sslConfig]
sslKeysfilePassword = KingOfKrunk
You can either edit (sever.conf) and enter the correct password for [sslconfig] 'sslKeysfilePassword' to decrypt server.pem OR generate a new signed cert and key pair using:
$SPLUNK_HOME/bin/genSignedServerCert.sh
this script will allow you to enter a new PEM pass phrase which will need to be transfer into server.conf
as of 4.3
NOTE: This script is deprecated. Instead, use "splunk createssl server-cert".
A few things come to mind initially.