topic Unable to Access Splunk Web via HTTPS in Splunk Enterprise

Unable to Access Splunk Web via HTTPS

ielshahrori — Thu, 17 Jul 2025 12:15:38 GMT

I am currently facing an issue accessing the Splunk Web interface over HTTPS.

When I configure enableSplunkWebSSL = true in web.conf, the Splunk Web service appears to start normally, and the port 8000 is open. However, users are unable to reach the interface via the public IP using HTTPS.

When I change the configuration to enableSplunkWebSSL = false, and use HTTP instead, everything works fine — users can successfully access the Splunk Web interface on the public IP and port 8000.

Additional details:

There is full network connectivity; telnet to the public IP and port 8000 works.
The issue is reproducible across different browsers and devices.
The certificate used is the default self-signed certificate provided by Splunk.
The Splunk Web service log does not show any fatal errors.
I need to maintain HTTPS access for security compliance. Could you please assist in identifying the root cause and provide guidance on how to ensure HTTPS access works properly over the public IP?

Re: Unable to Access Splunk Web via HTTPS

livehybrid — Thu, 17 Jul 2025 12:30:10 GMT

Hi @ielshahrori

The issue you have is likely due to a mismatch between the default self-signed certificate's Common Name (CN), which is typically set to the Splunk server's hostname or localhost, and the public IP address used for access. This causes SSL/TLS handshake failures in browsers when attempting HTTPS connections (e.g., https://publicIP:8000), even though basic TCP connectivity (like telnet) succeeds on port 8000. Browsers enforce strict certificate validation, and self-signed certs with CN mismatches often result in "unable to reach" errors without an option to proceed unless explicitly overridden.

If you are using the public IP address over HTTPS then I assume you do not have a valid trusted certificate that the clients can validate for connecting to Splunk? Its not typical to have an SSL certificate that matches an IP address, instead you should have a hostname with DNS that resolves to the IP address of your Splunk server.

Then you will either need a Public Trusted SSL cert, or a self-signed cert which the clients have the root CA trusted one their system. You can then configure the custom SSL cert in Splunk:

Update web.conf (typically in $SPLUNK_HOME/etc/system/local/) with:

[settings]
  enableSplunkWebSSL = true
  serverCert = <path_to_your_new_cert.pem>

🌟 Did this answer help you? If so, please consider:

Adding karma to show it was useful
Marking it as the solution if it resolved your issue
Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Re: Unable to Access Splunk Web via HTTPS

PrewinThomas — Fri, 18 Jul 2025 04:55:27 GMT

@ielshahrori

When you enable HTTPS and access Splunk Web via a public IP, browsers attempt to validate the SSL certificate. The default Splunk self-signed certificate:

-Has a Common Name (CN) set to localhost or the server’s hostname
-Does not match the public IP address
-Is not trusted by browsers

Replace the Default Self-Signed Certificate
Option A: Use a DNS Hostname
Assign a DNS name (e.g., splunk.test.com) pointing to your public IP.

Generate a certificate for that hostname using:
A commercial CA (e.g., DigiCert, Sectigo)Or a free CA like Let’s Encrypt

Access Splunk Web via https://splunk.test.com:8000

Option B: Use a Self-Signed Cert with Public IP as CN
Generate a self-signed certificate with the CN set to your public IP.

Install the root certificate on client machines to avoid trust warnings.
Note: I would not recommend this for production or external access due to browser limitations, trust issues, compliance and best practices.

Refer#https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.3/secure-splunk-platform-communications-with-transport-layer-security-certificates/how-to-create-and-sign-your-own-tls-certificates

Install the Certificate in Splunk
Place the new certificate and key files on your Splunk server.

Edit $SPLUNK_HOME/etc/system/local/web.conf:

[settings] enableSplunkWebSSL = true serverCert = /opt/splunk/etc/auth/custom_ssl/splunk_cert.pem privKeyPath = /opt/splunk/etc/auth/custom_ssl/splunk_key.pem

Then restart Splunk

Also you can refer #https://docs.splunk.com/Documentation/Splunk/9.4.2/Security/SecureSplunkWebusingasignedcertificate

Regards,
Prewin
Splunk Enthusiast | Always happy to help! If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!