topic Re: How to configure REST API to use third party TLS certs in Security

How to configure REST API to use third party TLS certs

scottj1y — Thu, 15 Jul 2021 21:23:30 GMT

Is there a way to configure the management port, which is being used to access the REST API, to use the TLS certs we have from DigiCert?

I have server.conf set up with serverCert pointing to the location of that file. However, when I check using openssl on that port we get the certificate that ships with Splunk despite setting up server.conf to use the certificate from DigiCert.

Note, web access does correctly use the DigiCert certificate. It's just access over the managment port doesn't.

Re: How to configure REST API to use third party TLS certs

venkatasri — Fri, 16 Jul 2021 06:51:51 GMT

Hi @scottj1y

If you are using same/different cert for both web access port 8000 the config goes to web.conf, and management port 8089 where Rest API's can be accessible shall go to server.conf [sslConfig].

Hope you have done the restart after changes, and did you check if there are multiple versions of server.conf having splunk default certs taking precedence?

---

An upvote would be appreciated if this reply helps!

Re: How to configure REST API to use third party TLS certs

venkatasri — Fri, 16 Jul 2021 06:52:24 GMT

@scottj1y You can run btool command to find where the default certs been pointed to.

Re: How to configure REST API to use third party TLS certs

scottj1y — Mon, 19 Jul 2021 15:08:08 GMT

I've already checked all that and even though server.conf is pointed to the correct certificate it still serving the default certificate that ships with Splunk.

I will check with BTool but I know both web.conf and server.conf are configured correctly. So my question was essentially, other than those two configuration files what other files would Splunk be using? It appears there's no documentation about any other configuration files that would affect this.