I have set up splunkweb for one of our instance (splunk 6.2.0) as per http://docs.splunk.com/Documentation/Splunk/6.2.0/Security/SecureSplunkWebusingasignedcertificate .
Now when I bring up the splunkweb, it still says NotSecure when I try to access the web, and the error I see in the certificate is "the issuer of the certificate cannot be found" . And when I check the chain of the certificate I only have the leaf, whereas my .pem in caCertPath has both caroot and leaf in the certificate chain
Do I have to explicitly mention the rootca in the \system\local\web.conf?
Any inputs are appreciated. I am lost in this.
If it is self signed certificate, do you have CA & Intermediate certificate installed on your browser ??
Thank you for the response harsmarvania.
I am aware of the fact that the trusted root ca needs to be installed in your trusted root's incase if the certificate is a self signed.
Here in our scenario, ours is a self signed certificate, and to have the CA Installed as a trusted root on every user OS is not possible for us. So I was looking if we can bypass this exception somehow.
Note: All users who will be accessing this web are within the org.
Doesn't your organization have some process for getting properly signed certs, by a CA that is trusted by all the user's OS/browser?
If you can't install self signed certificate in every user's OS, then you will not achieve secure connection from user's machine to splunk. In that case I'll suggest to disable HTTPS on Splunkweb.