Deployment Architecture
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to bypass https in peer configuration and use http

himaniarora20
Explorer
‎11-30-2023 06:50 AM

I am trying to set up POC for Splunk indexing and the manager node is up, but runs on an HTTP link (Certificate is not there yet) instead of HTTPS.

While configuring the peer when I provide the address of master node, I am getting the below error:

himaniarora20_1-1701355744543.png

 

Is there a way to bypass this or create a dummy certificate for Splunk?

Labels (1)
Labels
0 Karma
Reply

himaniarora20
Explorer
‎11-30-2023 10:52 AM

I have tried the steps and created the certificate using these three documents:
https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/Howtoself-signcertificates
https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/HowtoprepareyoursignedcertificatesforSpl...

https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/ConfigureSplunkforwardingtousesignedcert...

 

web.conf
[settings]
enableSplunkWebSSL = 1
privKeyPath = /opt/splunk/etc/auth/mycerts/myServerPrivateKey.key
serverCert = /opt/splunk/etc/auth/mycerts/myServerCertificate.pem

 

server.conf

[sslConfig]
enableSplunkdSSL = true
sslRootCAPath = /opt/splunk/etc/auth/mycerts/myCertAuthCertificate.pem
sslPassword = <encrypted>

 

inputs.conf

[default]
host = splunkpoc2.company.com

[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = /opt/splunk/etc/auth/mycerts/myServerCertificate.pem
sslPassword = $7$UeC5PhW3bITaydrFnqv0+iOwOC+ItQN/CDEZcvtLovDBwTJt
requireClientCert = true
sslVersions = *,-ssl2
sslCommonNameToCheck = indexerpoc1.company.com,indexerpoc2.company.com

 

Splunk Web comes up correctly but again the HTTP is not getting redirected to https:

himaniarora20_0-1701370303136.png

 

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-30-2023 11:48 AM

hi @himaniarora20 ,

this is for using SSL in connection between UFs and IDXs, you don't need to do anything to use self signed certificates in internal connections.

Ciao.

Giuseppe

0 Karma
Reply

himaniarora20
Explorer
‎11-30-2023 12:47 PM

Then what should I do for getting the server up on HTTP?

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎11-30-2023 01:51 PM

Here is a conf presentation about TLS certs https://conf.splunk.com/watch/conf-online.html?locale=watch&search.event=conf23&search=SEC1936B#/

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-30-2023 08:01 AM

Hi @himaniarora20 ,

I completely agree with @isoutamo , you cannot use internal Splunk connection without https.

If you don't have your own certificate, you can use the default certificate produced by the internal Splunk Certification Authority until you'll have your own.

Ciao.

Giuseppe

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎11-30-2023 07:00 AM

Hi

if you don't create / use your own certificates then spunk create automatic it's own with Splunk's default CA. You don't need to do anything, just install and start splunk and you have TLS cert on splunkd. Actually I don' t know if there is any way to use it without TLS cert!

If you want to replication port with TLS certs, those you must create and configure by yourself. Default way in PoC is to use plain text connections.

If/when you want to use TLS also on those, you should look from docs https://docs.splunk.com/Documentation/Splunk/latest/Security/AboutsecuringyourSplunkconfigurationwit... and/or .conf presentation https://conf.splunk.com/files/2023/slides/SEC1936B.pdf

r. Ismo

Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top