We have a problem trying to configure the web.conf in Splunk v652 using dhFile at 2048 encryption in Window server.
The web.conf line is this
dhFile = $SPLUNK_HOME\etc\auth\splunkweb\DH2048.pem
We use the following command to generate it.
#openssl.exe gendh -out "c:\program files\splunk\etc\auth\splunkweb\DH_2048.pem" 2048
After set it up, the Splunk Web will not start
see below for the log file
INFO [58b61fb8082234be0] root:650 - CONFIG: dhFile (str): $SPLUNK_HOME\etc\auth\splunkweb\DH_2048.pem
INFO [58b61fb8082234be0] root:650 - CONFIG: docsCheckerBaseURL (str): https://quickdraw.splunk.com/help
INFO [58b61fb8082234be0] root:650 - CONFIG: ecdhCurves (str): secp384r1,secp521r1
INFO [58b61fb8082234be0] root:650 - CONFIG: embed_footer (str): splunk>
INFO [58b61fb8082234be0] root:650 - CONFIG: embed_uri (str):
INFO [58b61fb8082234be0] root:650 - CONFIG: enableSplunkWebClientNetloc (bool): False
INFO [58b61fb8082234be0] root:650 - CONFIG: enableSplunkWebSSL (bool): False
INFO [58b61fb8082234be0] root:650 - CONFIG: enableWebDebug (bool): False
INFO [58b61fb8082234be0] root:650 - CONFIG: enable_autocomplete_login (bool): False
INFO [58b61fb8082234be0] root:650 - CONFIG: enable_gzip (bool): True
INFO [58b61fb8082234be0] root:650 - CONFIG: enable_insecure_login (bool): False
INFO [58b61fb8082234be0] root:650 - CONFIG: enable_pivot_adhoc_acceleration (bool): True
INFO [58b61fb8082234be0] root:650 - CONFIG: enable_proxy_write (bool): True
INFO [58b61fb8082234be0] root:650 - CONFIG: enable_risky_command_check (bool): True
Just in case someone runs across this post. The solution is to put quotes around the setting:
dhFile = "$SPLUNK_HOME\etc\auth\splunkweb\DH2048.pem "
This same solution was also provided on another answers post:
I ran into a similar issue where if this was applied in server.conf without quotes, the splunk service would not start on Windows 2008 or 2012. A linux server was not affected. I have opened a bug to have this reviewed but wanted to comment here so others can see this.
I don't see any errors there. Look in your log files for "ERROR".