Error opening CA Certificate ca.pem

eworman · ‎02-27-2012

I just installed Splunk 4.3 (splunk-4.3-115073-freebsd-7.3-amd64.tgz) on a FreeBSD 7 machine. When I try launching Splunk this is the error I get

Splunk> Needle. Haystack. Found.

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking configuration... Done.
Checking index directory...
Validated databases: _audit _blocksignature _internal _thefishbucket history main summary
Done
New certs have been generated in '/opt/splunk/etc/auth'.
Success
Checking conf files for typos...
All preliminary checks passed.

Starting splunk server daemon (splunkd)...

Timed out waiting for splunkd to start.
Starting splunkweb... Generating certs for splunkweb server
Generating a 1024 bit RSA private key
..++++++
..++++++

writing new private key to 'privKeySecure.pem'

Signature ok
subject=/CN=splunk.{domainname}.com/O=SplunkUser
Error opening CA Certificate ca.pem
1391:error:02001002:system library:fopen:No such file or directory:bss_file.c:356:fopen('ca.pem','r')
1391:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:358:
unable to load certificate
Command failed (ret=1), exiting.

campbellj1977 · ‎05-14-2013

setenforce 0

Then reinstall Splunk. RPM Rpm -ihv --force splunk*.rpm

Windows Use GUI

Then start Splunk again.

eworman · ‎02-27-2012

That file did not exist. There was a ca.pem.default file which I renamed ca.pem. Splunkd still times out when it launches. Here's the output of the ca.pem file

Certificate:
Data:
Version: 1 (0x0)
Serial Number:
c0:b1:f4:21:39:fa:d6:69
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=CA, L=San Francisco, O=Splunk, CN=SplunkCommonCA/emailAddress=support@splunk.com
Validity
Not Before: Jul 24 17:12:19 2006 GMT
Not After : Jul 21 17:12:19 2016 GMT
Subject: C=US, ST=CA, L=San Francisco, O=Splunk, CN=SplunkCommonCA/emailAddress=support@splunk.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c9:99:be:79:ca:f6:a6:d4:6a:86:81:32:b4:75:
f1:d7:58:98:81:d0:58:7c:7e:c7:49:15:17:39:77:
10:49:3c:56:82:fe:49:66:b5:b2:c5:2d:b6:2e:5d:
d0:b6:26:1e:1c:9b:fb:a1:8f:5f:c5:5a:60:34:59:
b8:5b:d3:6a:e8:01:5d:37:67:74:97:d2:91:f2:15:
ad:d4:77:2a:ab:f5:fe:44:44:9d:00:60:50:3e:cb:
95:21:6c:c9:c3:f7:39:61:b3:b2:7c:b9:cb:9b:dd:
7b:c0:f2:b9:fb:f5:e8:e4:62:d0:d7:da:b3:10:58:
f3:59:60:f7:2b:c5:41:21:8b
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
a5:b7:ec:d1:70:4e:29:09:38:ca:3d:67:c7:23:98:90:f3:f7:
06:b8:c9:c9:01:32:51:00:d7:fb:3a:93:a3:a6:cd:91:f4:82:
40:2c:b0:bb:2d:46:40:5a:be:5a:f5:b8:80:4f:67:62:5f:b1:
ee:85:8e:82:79:7a:40:b5:02:85:e4:22:7c:26:0a:ca:56:19:
35:42:a1:ef:2b:c2:15:34:c5:a8:f4:1a:c0:be:c0:0d:f2:90:
bf:94:2a:e5:f3:ea:21:37:a0:37:27:2e:bd:2a:c6:23:53:d8:
ec:5d:4f:1c:fe:10:1f:53:d3:29:d1:c7:f1:76:28:bd:61:75:

f0:91

Here is the revised output when trying to start splunk

Splunk> CSI: Logfiles.

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking configuration... Done.
Checking index directory...
Validated databases: _audit _blocksignature _internal _thefishbucket history main summary
Done
Success
Checking conf files for typos...
All preliminary checks passed.

Starting splunk server daemon (splunkd)...

Timed out waiting for splunkd to start.

Chubbybunny · ‎02-27-2012

greetings!!
if you can, post the contents of the $pem file?

try:
openssl x509 -in /opt/splunk/etc/auth/ca.pem -noout -text