Setting up SplunkWeb for splunk 6.2.0

divyamudundi · ‎02-07-2018

Hello,

I have set up splunkweb for one of our instance (splunk 6.2.0) as per http://docs.splunk.com/Documentation/Splunk/6.2.0/Security/SecureSplunkWebusingasignedcertificate .

Now when I bring up the splunkweb, it still says NotSecure when I try to access the web, and the error I see in the certificate is "the issuer of the certificate cannot be found" . And when I check the chain of the certificate I only have the leaf, whereas my .pem in caCertPath has both caroot and leaf in the certificate chain

Do I have to explicitly mention the rootca in the \system\local\web.conf?

Any inputs are appreciated. I am lost in this.

Thank you,
DIvya

harsmarvania57 · ‎02-08-2018

If it is self signed certificate, do you have CA & Intermediate certificate installed on your browser ??

divyamudundi · ‎02-08-2018

Thank you for the response harsmarvania.

I am aware of the fact that the trusted root ca needs to be installed in your trusted root's incase if the certificate is a self signed.

Here in our scenario, ours is a self signed certificate, and to have the CA Installed as a trusted root on every user OS is not possible for us. So I was looking if we can bypass this exception somehow.

Note: All users who will be accessing this web are within the org.

Thank you,
Divya

FrankVl · ‎02-09-2018

Doesn't your organization have some process for getting properly signed certs, by a CA that is trusted by all the user's OS/browser?

harsmarvania57 · ‎02-09-2018

If you can't install self signed certificate in every user's OS, then you will not achieve secure connection from user's machine to splunk. In that case I'll suggest to disable HTTPS on Splunkweb.

Setting up SplunkWeb for splunk 6.2.0

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms