https://community.splunk.com/t5/Security/Self-signed-certificate-without-warnings/m-p/420906#M10003 <P>Has anybody figured out how to use a self-signed certificate without getting a warning that it's invalid?<BR /> I can access Splunk anyway and it does in fact use my certificate, but for the long haul I would want there to be no annoying warnings.<BR /> I followed these instructions exactly:<BR /> <A href="https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/Self-signcertificatesforSplunkWeb">https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/Self-signcertificatesforSplunkWeb</A><BR /> <A href="https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/SecureSplunkWebusingasignedcertificate">https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/SecureSplunkWebusingasignedcertificate</A><BR /> I imported the myCACertificate.pem into Chrome by the way. <BR /> It's also a testing environment with no live feeds.</P> Thu, 01 Aug 2019 13:33:07 GMT splunklearner12 2019-08-01T13:33:07Z https://community.splunk.com/t5/Security/Self-signed-certificate-without-warnings/m-p/420906#M10003 <P>Has anybody figured out how to use a self-signed certificate without getting a warning that it's invalid?<BR /> I can access Splunk anyway and it does in fact use my certificate, but for the long haul I would want there to be no annoying warnings.<BR /> I followed these instructions exactly:<BR /> <A href="https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/Self-signcertificatesforSplunkWeb">https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/Self-signcertificatesforSplunkWeb</A><BR /> <A href="https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/SecureSplunkWebusingasignedcertificate">https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/SecureSplunkWebusingasignedcertificate</A><BR /> I imported the myCACertificate.pem into Chrome by the way. <BR /> It's also a testing environment with no live feeds.</P> Thu, 01 Aug 2019 13:33:07 GMT https://community.splunk.com/t5/Security/Self-signed-certificate-without-warnings/m-p/420906#M10003 splunklearner12 2019-08-01T13:33:07Z https://community.splunk.com/t5/Security/Self-signed-certificate-without-warnings/m-p/420907#M10004 <P>Chrome is telling me the certificate is invalid because it doesn't specify Subject Alternative Names.<BR /> I tried following instructions from these two links:<BR /> <A href="https://answers.splunk.com/answers/476596/how-to-generate-csr-files-with-subjectaltnames-san.html" target="_blank">https://answers.splunk.com/answers/476596/how-to-generate-csr-files-with-subjectaltnames-san.html</A><BR /> <A href="https://www.hurricanelabs.com/splunk-tutorials/splunk-certificates-master-guide" target="_blank">https://www.hurricanelabs.com/splunk-tutorials/splunk-certificates-master-guide</A><BR /> Basically, editing the file $SPLUNK_HOME/openssl/openssl.cnf to uncomment the line "req_extensions = v3_req" and included this under the stanza [v3_req]: subjectAltName=DNS:splunk.a.b.c.d, DNS:splunk, IP:127.0.0.1<BR /> Obviously, a.b.c.d is replaced with the real domain. For info, I access splunk web using the internal URL <A href="https://splunk:8000" target="_blank">https://splunk:8000</A></P> Wed, 30 Sep 2020 01:39:28 GMT https://community.splunk.com/t5/Security/Self-signed-certificate-without-warnings/m-p/420907#M10004 splunklearner12 2020-09-30T01:39:28Z https://community.splunk.com/t5/Security/Self-signed-certificate-without-warnings/m-p/420908#M10005 <P>As a workaround, Firefox accepts the certificate with a green lock icon.</P> Wed, 07 Aug 2019 15:13:26 GMT https://community.splunk.com/t5/Security/Self-signed-certificate-without-warnings/m-p/420908#M10005 splunklearner12 2019-08-07T15:13:26Z https://community.splunk.com/t5/Security/Self-signed-certificate-without-warnings/m-p/420909#M10006 <P>Did you ever manage to add SAN into the pem? I have it in the csr, but not in the final pem. <BR /> I assume it should be seen from the myCACertificate.pem file after this? Looks like it is not.</P> <P>/opt/splunk/bin/splunk cmd openssl x509 -req -in myCACertificate.csr -sha256 -signkey myCAPrivateKey.key -CAcreateserial -out myCACertificate.pem -days 3650</P> Mon, 30 Sep 2019 16:50:11 GMT https://community.splunk.com/t5/Security/Self-signed-certificate-without-warnings/m-p/420909#M10006 JykkeDaMan 2019-09-30T16:50:11Z