Security

Are wildcard certificates supported with Splunk and https?

maverick
Splunk Employee
Splunk Employee

wondering if Splunk https works with third-party wildcard certs.

so far I got my Splunk indexer to start using my third-party wildcard cert by changing web.conf to use the absolute path vs the relative path that the Splunk doc pages suggest, but splunk/https won't serve pages.

We have a third-party cert we use so that https://*.com is signed.

Since this can be insecure and may be hard to do, many vendors will only support certificates that go to a specific dns cname or a record, such as https://splunk.abc123.com

My web.conf is:

[settings]
enableSplunkWebSSL = 1
privKeyPath = /etc/foo/certs/_.abc123.com.pem
caCertPath = /etc/foo/cert.pem

Splunk Web server starts with no errors, but when I hit the login page I get:


ssl_error_no_cypher_overlap

Can anyone confirm if wildcard certs with Splunk are really supported or not?

0 Karma

gareth
Splunk Employee
Splunk Employee

I've used splunkweb with wildcard certificates before with no problems - Have you tried accessing it with openssl to see if that reveals any more specific information? Also check web_service.log to confirm that it's loaded the certificate without error

openssl s_client -connect hostname:port 
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...