Hello, after 2 days of trying hard on this problem, I finally give up and now I am posting it here.
Well, I need to set up my Splunk REST API with my own self-signed certificates. I've already configured the usage of my own self-signed certificates for SplunkWeb, but I'm stuck on the configuration for the REST API 8089 Port.
Here's the problem :
I've already generated my own server certificates thanks to the Splunk docs :
located in /Application/Splunk/etc/auth/myNewCerts
Here's my configuration file server.conf in /Applications/Splunk/etc/system/local
When I run commands to verify the matches between my certs and my keys, they match and when I start Splunk everything looks ok.
But when I check the log file at /Applications/Splunk/var/log/splunk/splunkd.log :
$ tail -f splunkd.log | grep ERR
04-25-2018 16:42:50.272 +0200 ERROR ExecProcessor - message from "python /Applications/Splunk/etc/apps/splunk_instrumentation/bin/on_splunk_start.py" ERROR:InstrumentationInit:[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:676)
04-25-2018 16:42:52.779 +0200 ERROR ExecProcessor - message from "python /Applications/Splunk/etc/apps/splunk_monitoring_console/bin/dmc_config.py" Socket error communicating with splunkd (error=[X509: KEY_VALUES_MISMATCH] key values mismatch (_ssl.c:2768)), path = /services/shcluster/config?output_mode=json
openssl version : OpenSSL 1.0.2o 27 Mar 2018
OS version : macOS Sierra Version 10.12.6 (16G29)
Python version : Python 2.7.14
When i set the option "requireClientCert = false" instead of true, i can connect myself on the 8089 interface (https://localhost:8089) with my own certificate added on my computer. Then when i try to connect to "https://[myip]:8089" with another computer on the same local network, it request a valid certificate that the computer hasnt, so it cant connect
. But the splunkweb interface is still accesible via "https://[myi p]:8000" from any other computer.
I dont know how its works ??