Why am I unable to use dhfile and 2048 encryption in Splunk Web?

tlam_splunk
Splunk Employee

We have a problem trying to configure web.conf in Splunk v652 using dhFile at 2048 encryption on a Windows server.

The web.conf line is this:

dhFile = $SPLUNK_HOME\etc\auth\splunkweb\DH2048.pem 

We use the following command to generate it.

#openssl.exe gendh -out "c:\program files\splunk\etc\auth\splunkweb\DH_2048.pem" 2048 

After setting it up, Splunk Web will not start.

See below for the log file:

INFO    [58b61fb8082234be0] root:650 - CONFIG: dhFile (str): $SPLUNK_HOME\etc\auth\splunkweb\DH_2048.pem 
INFO    [58b61fb8082234be0] root:650 - CONFIG: docsCheckerBaseURL (str): https://quickdraw.splunk.com/help 
INFO    [58b61fb8082234be0] root:650 - CONFIG: ecdhCurves (str): secp384r1,secp521r1 
INFO    [58b61fb8082234be0] root:650 - CONFIG: embed_footer (str): splunk>
INFO    [58b61fb8082234be0] root:650 - CONFIG: embed_uri (str): 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enableSplunkWebClientNetloc (bool): False 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enableSplunkWebSSL (bool): False 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enableWebDebug (bool): False 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enable_autocomplete_login (bool): False 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enable_gzip (bool): True 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enable_insecure_login (bool): False 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enable_pivot_adhoc_acceleration (bool): True 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enable_proxy_write (bool): True 
INFO    [58b61fb8082234be0] root:650 - CONFIG: enable_risky_command_check (bool): True 
0 Karma

jcrabb_splunk
Splunk Employee

Just in case someone runs across this post. The solution is to put quotes around the setting:

dhFile = "$SPLUNK_HOME\etc\auth\splunkweb\DH2048.pem"

This same solution was also provided on another answers post:

I ran into a similar issue where if this was applied in server.conf without quotes, the Splunk service would not start on Windows 2008 or 2012. A Linux server was not affected. I have opened a bug to have this reviewed but wanted to comment here so others can see this.

Jacob
Sr. Technical Support Engineer
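
A pre-restart check for the quoting problem described in the answer above, as an added example that is not part of the original thread or Splunk's own tooling: it flags dhFile values that hold an unquoted Windows path, stray whitespace inside the quotes, or a path that does not resolve to a file. The function name, the sample configurations and the install path are constructed for illustration.

```python
import os
import re

# Matches a "dhFile = value" line and drops whitespace outside the value.
DHFILE_RE = re.compile(r"^\s*dhFile\s*=\s*(?P<value>.*?)\s*$")

# Constructed samples (not taken from a real deployment).
SAMPLE_BAD = r'''[settings]
dhFile = $SPLUNK_HOME\etc\auth\splunkweb\DH2048.pem
'''
SAMPLE_GOOD = r'''[settings]
dhFile = "$SPLUNK_HOME\etc\auth\splunkweb\DH_2048.pem"
'''


def check_dhfile(conf_text, splunk_home, is_file=os.path.isfile):
    """Return a list of (line_number, problem) for dhFile settings.

    splunk_home replaces $SPLUNK_HOME in the value. is_file is injectable so
    the check can run against a file listing instead of the local disk.
    """
    problems = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # skip comment lines
            continue
        match = DHFILE_RE.match(line)
        if not match:
            continue
        value = match.group("value")
        quoted = len(value) >= 2 and value[0] == '"' and value[-1] == '"'
        path = value[1:-1] if quoted else value
        if not quoted and "\\" in path:
            problems.append((lineno, "Windows path is not quoted"))
        if path != path.strip():
            problems.append((lineno, "whitespace inside the quotes"))
        expanded = path.strip().replace("$SPLUNK_HOME", splunk_home)
        if not is_file(expanded):
            problems.append((lineno, "file not found: " + expanded))
    return problems


if __name__ == "__main__":
    home = r"C:\Program Files\Splunk"  # assumed install path
    for sample in (SAMPLE_BAD, SAMPLE_GOOD):
        print(check_dhfile(sample, home))
```

Run it against web.conf and server.conf before restarting the service; an empty list means none of the three conditions was found.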

xavierashe
Contributor

I don't see any errors there. Look in your log files for "ERROR".

0 Karma