Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to bypass https in peer configuration and use http

himaniarora20
Explorer
‎11-30-2023 06:50 AM

I am trying to set up POC for Splunk indexing and the manager node is up, but runs on an HTTP link (Certificate is not there yet) instead of HTTPS.

While configuring the peer when I provide the address of master node, I am getting the below error:

himaniarora20_1-1701355744543.png

 

Is there a way to bypass this or create a dummy certificate for Splunk?

Labels (1)
Labels
0 Karma
Reply

himaniarora20
Explorer
‎11-30-2023 10:52 AM

I have tried the steps and created the certificate using these three documents:
https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/Howtoself-signcertificates
https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/HowtoprepareyoursignedcertificatesforSpl...

https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/ConfigureSplunkforwardingtousesignedcert...

 

web.conf
[settings]
enableSplunkWebSSL = 1
privKeyPath = /opt/splunk/etc/auth/mycerts/myServerPrivateKey.key
serverCert = /opt/splunk/etc/auth/mycerts/myServerCertificate.pem

 

server.conf

[sslConfig]
enableSplunkdSSL = true
sslRootCAPath = /opt/splunk/etc/auth/mycerts/myCertAuthCertificate.pem
sslPassword = <encrypted>

 

inputs.conf

[default]
host = splunkpoc2.company.com

[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = /opt/splunk/etc/auth/mycerts/myServerCertificate.pem
sslPassword = $7$UeC5PhW3bITaydrFnqv0+iOwOC+ItQN/CDEZcvtLovDBwTJt
requireClientCert = true
sslVersions = *,-ssl2
sslCommonNameToCheck = indexerpoc1.company.com,indexerpoc2.company.com

 

Splunk Web comes up correctly but again the HTTP is not getting redirected to https:

himaniarora20_0-1701370303136.png

 

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-30-2023 11:48 AM

hi @himaniarora20 ,

this is for using SSL in connection between UFs and IDXs, you don't need to do anything to use self signed certificates in internal connections.

Ciao.

Giuseppe

0 Karma
Reply

himaniarora20
Explorer
‎11-30-2023 12:47 PM

Then what should I do for getting the server up on HTTP?

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎11-30-2023 01:51 PM

Here is a conf presentation about TLS certs https://conf.splunk.com/watch/conf-online.html?locale=watch&search.event=conf23&search=SEC1936B#/

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-30-2023 08:01 AM

Hi @himaniarora20 ,

I completely agree with @isoutamo , you cannot use internal Splunk connection without https.

If you don't have your own certificate, you can use the default certificate produced by the internal Splunk Certification Authority until you'll have your own.

Ciao.

Giuseppe

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎11-30-2023 07:00 AM

Hi

if you don't create / use your own certificates then spunk create automatic it's own with Splunk's default CA. You don't need to do anything, just install and start splunk and you have TLS cert on splunkd. Actually I don' t know if there is any way to use it without TLS cert!

If you want to replication port with TLS certs, those you must create and configure by yourself. Default way in PoC is to use plain text connections.

If/when you want to use TLS also on those, you should look from docs https://docs.splunk.com/Documentation/Splunk/latest/Security/AboutsecuringyourSplunkconfigurationwit... and/or .conf presentation https://conf.splunk.com/files/2023/slides/SEC1936B.pdf

r. Ismo

Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...