Archive

Why does Splunk web give me an ="ERROR">Unauthorized when I configure trusted CA certificates?

Path Finder

I have 2 search heads and I've acquired TLS certs from my trusted CA that I'm using to secure web traffic to the search heads. On one search head I configured the web.conf in $SPLUNK_HOME/etc/system/local/ as per documentation. On one search head everything works fine but on the other I am receiving the following error:

Unauthorized

The only way I can get this work is to modify the web.conf in $SPLUNK_HOME/etc/system/default/, which is not the recommended way. Besides, whenever there is a Splunk upgrade that wipes out the settings.

We found out that when Splunk PS set this up last year, this second server did not have a web.conf file in $SPLUNK_HOME/etc/system/local/. I had to copy from the Default directory but something obviously isn't kosher and I am looking for help determining the issue.
Thanks guys!

Tags (1)
0 Karma
1 Solution

Path Finder

Figured it out. Apparently Splunk didn't like me copying over an entire directory and modifying it. I deleted the web.conf file, recreated it then copy and pasted in the stanzas from a sample file. That worked fine.

View solution in original post

0 Karma

Path Finder

Figured it out. Apparently Splunk didn't like me copying over an entire directory and modifying it. I deleted the web.conf file, recreated it then copy and pasted in the stanzas from a sample file. That worked fine.

View solution in original post

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!