Why is my splunk installation failing to generate ...

sukeerthij · ‎11-28-2018

splunk installation is failing to generate cert.pem

./splunk start

Splunk> Now with more code!

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _internal _introspection _telemetry _thefishbucket history main summary
Done
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/home/suk/opt/splunk/splunk-7.2.1-be11b2c46e23-linux-2.6-x86_64-manifest'
All installed files intact.
Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Generating a 2048 bit RSA private key
...............................................+++++
........+++++

writing new private key to 'privKeySecure.pem'

Signature ok
subject=/CN=localhost.localdomain/O=SplunkUser
/home/suk/opt/splunk/$SPLUNK_HOME/etc/auth/splunkweb/cert.pem: No such file or directory
Command failed (ret=1), exiting.

fearofcasanova · ‎09-06-2019

I know this is old but while setting up a lab to do some clustering I ran into this issue after making some of the "appropriate settings". To get around this for the sake of getting the lab stood up I just removed that part of the line in the:

splunk_dir/etc/system/local/web.conf (have to copy this from /default or you can hand type everything out)

for the privKeyPath and serverCert, I basically removed the $SPLUNK_HOME part so that it was just

etc/auth/splunkweb/privkey.pem
etc/auth/splunkweb/cert.pem

(running a cmaster, dserver and fwdr on one server, an indexer cluster on one server, and search heads on another)
Would I do this for a single install or enterprise installation - heck no. This is only for personal labbing.

In your case:
File causing error and where you should fix - /home/suk/opt/splunk/etc/system/default/web.conf
copy that to
/home/suk/opt/splunk/etc/system/local/

imagine in that web.conf file you have
privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/privkey.pe,
serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem

you would want (if you are just trying to get it to work)
privKeyPath = etc/auth/splunkweb/privkey.pem
serverCert = etc/auth/splunkweb/cert.pem

Previous comment is right, you want to install in the /opt/splunk - for me I wanted to "mock up" the lab environment for cluster admin so...

im_bharath · ‎10-20-2022

Hey @fearofcasanova ,

Thanks for the answer, this worked like a charm and now my splunkweb is up and running.

Thanks,

bjoernjensen · ‎12-06-2018

Hey,

do you execute everything in context of user suk? Usually you have a seperate user and you kind of want to install splunk in /opt/splunk. To do this automagically (and also set SPLUNK_HOME) you can install splunk using your package manager (DEB/RPM):
http://docs.splunk.com/Documentation/Splunk/7.2.1/SearchTutorial/InstallSplunk#Install_the_Splunk_En...

To your problem: This directory seems broken:
/home/suk/opt/splunk/$SPLUNK_HOME/etc/auth/splunkweb/

It should be: $SPLUNK_HOME/etc/auth/splunkweb/ with $SPLUNK_HOME being set.

or

/home/suk/opt/splunk/etc/auth/splunkweb/ as absolute path.

What does echo "$SPLUNK_HOME"print?

Cheerz,
Björn

dkeck · ‎11-28-2018

HI

Is it owned by the same user/group as the splunkd process? Have you used "chown -R" for your splunk home to be sure?

Kind Regards

dkeck · ‎12-06-2018

Any luck with that?

Why is my splunk installation failing to generate cert.pem?

writing new private key to 'privKeySecure.pem'

other

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!