Troubleshooting SSL Error on Forwarder

pauldr01 · ‎04-29-2019

I am troubleshooting an SSL error.

I am receiving this error:
ERROR SSLCommon - Can't read key file C:\Program Files\SplunkUniversalForwarder\etc\auth\mycerts\server_cert.pem

I understand that it may be that the file can't read the hash. I'm trying to test my password to the server_cert.pem and I receive this error:
PS C:\Program Files\SplunkUniversalForwarder\bin> .\openssl rsa -in "C:\Program Files\SplunkUniversalForwarder\etc\auth\mycerts\server_cert.pem" -text
WARNING: can't open config file: C:\jnkns\workspace\build-home/ssl/openssl.cnf
unable to load Private Key
6980:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:697:Expecting: ANY PRIVATE KEY

The openssl.cnf is located in the C:\Program Files\SplunkUniversalForwarder\openssl.cnf, so I do not know how its referring to C:\jnkns\workspace\build-home/ssl/openssl.cnf.

I am not even prompted for a password.

Questions:
1. How do I change the path from C:\jnkns\workspace\build-home/ssl/openssl.cnf to C:\Program Files\SplunkUniversalForwarder\openssl.cnf
2. Is it possible to enable SSL using the password hash for the server_cert.pem?
3. Does anyone have successful steps to follow to enable SSL (outside the splunk documentation)?

santhoshi · ‎08-02-2021

To answer the first question.. When installing Splunk the necessary file is placed in "C:\Program Files\Splunk\openssl.cnf". Installing Splunk does not set the %OPENSSL_CONF% system variable that points to the file.

Use the following to see if the system variable is set:
echo %OPENSSL_CONF%

If the variable is not set you can tell Windows to use the configuration file provided by Splunk.
set OPENSSL_CONF=c:\Program Files\Splunk\openssl.cnf

spluzer · ‎10-09-2020

Any update on this...getting the exact same thing?????

Troubleshooting SSL Error on Forwarder

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!