Deployment Architecture

How to bypass https in peer configuration and use http

himaniarora20
Explorer

I am trying to set up POC for Splunk indexing and the manager node is up, but runs on an HTTP link (Certificate is not there yet) instead of HTTPS.

While configuring the peer when I provide the address of master node, I am getting the below error:

himaniarora20_1-1701355744543.png

 

Is there a way to bypass this or create a dummy certificate for Splunk?

Labels (1)
0 Karma

himaniarora20
Explorer

I have tried the steps and created the certificate using these three documents:
https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/Howtoself-signcertificates
https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/HowtoprepareyoursignedcertificatesforSpl...

https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/ConfigureSplunkforwardingtousesignedcert...

 

web.conf
[settings]
enableSplunkWebSSL = 1
privKeyPath = /opt/splunk/etc/auth/mycerts/myServerPrivateKey.key
serverCert = /opt/splunk/etc/auth/mycerts/myServerCertificate.pem

 

server.conf

[sslConfig]
enableSplunkdSSL = true
sslRootCAPath = /opt/splunk/etc/auth/mycerts/myCertAuthCertificate.pem
sslPassword = <encrypted>

 

inputs.conf

[default]
host = splunkpoc2.company.com

[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = /opt/splunk/etc/auth/mycerts/myServerCertificate.pem
sslPassword = $7$UeC5PhW3bITaydrFnqv0+iOwOC+ItQN/CDEZcvtLovDBwTJt
requireClientCert = true
sslVersions = *,-ssl2
sslCommonNameToCheck = indexerpoc1.company.com,indexerpoc2.company.com

 

Splunk Web comes up correctly but again the HTTP is not getting redirected to https:

himaniarora20_0-1701370303136.png

 

 

0 Karma

gcusello
SplunkTrust
SplunkTrust

hi @himaniarora20 ,

this is for using SSL in connection between UFs and IDXs, you don't need to do anything to use self signed certificates in internal connections.

Ciao.

Giuseppe

0 Karma

himaniarora20
Explorer

Then what should I do for getting the server up on HTTP?

0 Karma

isoutamo
SplunkTrust
SplunkTrust
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @himaniarora20 ,

I completely agree with @isoutamo , you cannot use internal Splunk connection without https.

If you don't have your own certificate, you can use the default certificate produced by the internal Splunk Certification Authority until you'll have your own.

Ciao.

Giuseppe

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

if you don't create / use your own certificates then spunk create automatic it's own with Splunk's default CA. You don't need to do anything, just install and start splunk and you have TLS cert on splunkd. Actually I don' t know if there is any way to use it without TLS cert!

If you want to replication port with TLS certs, those you must create and configure by yourself. Default way in PoC is to use plain text connections.

If/when you want to use TLS also on those, you should look from docs https://docs.splunk.com/Documentation/Splunk/latest/Security/AboutsecuringyourSplunkconfigurationwit... and/or .conf presentation https://conf.splunk.com/files/2023/slides/SEC1936B.pdf

r. Ismo

Get Updates on the Splunk Community!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Enhance Security Operations with Automated Threat Analysis in the Splunk EcosystemAre you leveraging ...

Splunk Developers: Go Beyond the Dashboard with These .Conf25 Sessions

  Whether you’re building custom apps, diving into SPL2, or integrating AI and machine learning into your ...

Index This | How do you write 23 only using the number 2?

July 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...