Installation

Setting up SplunkWeb for splunk 6.2.0

divyamudundi
Path Finder

Hello,

I have set up splunkweb for one of our instance (splunk 6.2.0) as per http://docs.splunk.com/Documentation/Splunk/6.2.0/Security/SecureSplunkWebusingasignedcertificate .

Now when I bring up the splunkweb, it still says NotSecure when I try to access the web, and the error I see in the certificate is "the issuer of the certificate cannot be found" . And when I check the chain of the certificate I only have the leaf, whereas my .pem in caCertPath has both caroot and leaf in the certificate chain

Do I have to explicitly mention the rootca in the \system\local\web.conf?

Any inputs are appreciated. I am lost in this.

Thank you,
DIvya

Tags (1)
0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

If it is self signed certificate, do you have CA & Intermediate certificate installed on your browser ??

0 Karma

divyamudundi
Path Finder

Thank you for the response harsmarvania.

I am aware of the fact that the trusted root ca needs to be installed in your trusted root's incase if the certificate is a self signed.

Here in our scenario, ours is a self signed certificate, and to have the CA Installed as a trusted root on every user OS is not possible for us. So I was looking if we can bypass this exception somehow.

Note: All users who will be accessing this web are within the org.

Thank you,
Divya

0 Karma

FrankVl
Ultra Champion

Doesn't your organization have some process for getting properly signed certs, by a CA that is trusted by all the user's OS/browser?

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

If you can't install self signed certificate in every user's OS, then you will not achieve secure connection from user's machine to splunk. In that case I'll suggest to disable HTTPS on Splunkweb.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!