HI, I have configured SSL in Splunk . It is not self signed but issued by Certified Authority.
I have enabled https option from Splunk GUI also. I am using 7.1.1 version.
Now, the problem is . If I open my SH with https it is opening, but Certificate Error is giving :
This page is not secure (broken HTTPS).
Certificate - Subject Alternative Name missing
The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address.
View certificate
Certificate - missing
The hostname in the website’s security certificate differs from the website you are trying to visit.
Error Code: DLG_FLAGS_SEC_CERT_CN_INVALID
I am getting this by pressing F12 and Security tab and my URL is becoming red and https is getting striked out.
Kindly help in solving this !!
You need a certificate that specifies the alt name, which doesn't happen when in the Splunk guide for cert creation.
One option would be to follow Step 3 in this guide. If you have a single server that creates all your certificates, you would need to change openssl.cnf before each cert creation. FYI, changing these type of files will cause a manifest error until you either put the old file back or upgrade.
https://www.hurricanelabs.com/splunk-tutorials/splunk-certificates-master-guide
#Edit the openSSL file
vi /opt/splunk/openssl/openssl.cnf
# Uncomment out the Request Extensions options
# Optional: Use "/" to search for req_extensions
Change FROM: #req_extensions = v3_req # The extensions to add to a certificate request
TO: req_extensions = v3_req # The extensions to add to a certificate request
# Optional: Use "/" to search for v3_req
#Add extended key usage 'subjectAltName = DNS:<FQDN>, DNS:<hostname>, IP:<ip_address>'
You've kind of answered your own question, but the error is because the certificate specified in the CN field of your certificate and your host don't match.
Here are some helpful steps if you are using Linux and Splunk Home is "/opt/splunk"
I - Find what host your using
/opt/splunk/bin/splunk btool web list | grep serverCert
2 - Check your CN
/opt/splunk/bin/splunk cmd openssl x509 -in .pem -text | grep Subject:
It could be something as simple as just needing to specify the FQDN
How did you fix this?
Thanks it is solved, I did it myself !!
Please provide input on what you did to fix this issue.