CSR on Windows 2003 Server


What is the procedure for generating a CSR on a Windows 2003 server for Splunkweb?

Tags (1)
0 Karma

Splunk Employee
Splunk Employee

In general you can use whatever procedure you want. In the end, you will three items to configure Splunk though:

  • Your cert private key, saved in PEM format, without a password. This will be generated when you create your CSR. You can use the openssl tool to convert certificate formats and to remove passwords.
  • Your public key certificate, also in PEM format, which you will receive from your CA.
  • The CA's public key or public key chain, again in PEM, which should be readily available from them.

However you can get these items doesn't matter to SplunkWeb.

0 Karma

Splunk Employee
Splunk Employee

The admin manual details how to generate a Certificate Signing Request. Here is a snippet from the 4.12 admin manual as it exists today:

Generate a CSR (Certificate Signing Request)

If your organization requires that your Splunk deployment use a certificate signed by an external CA or you otherwise wish to use certificates signed by a root certificate other than the default Splunk authority, you can use the following procedure to generate the CSR to send to the CA:

openssl req -new -key [certificate name].pem -out [certificate name].csr

You are prompted for the following X.509 attributes of the certificate:

* Country Name: Use the two-letter code without punctuation for country, for example: US or GB.
* State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: California
* Locality or City: The Locality is the city or town name, for example: Oakland. Do not abbreviate. For example: Los Angeles, not LA, Saint Louis, not St. Louis.
* Company: If your company or department contains an &, @, or any other non-alphanumeric symbol that requires you to use the shift key, you must spell out the symbol or omit it. For example, Fflanda & Rhallen Corporation would be Fflanda Rhallen Corporation or Fflanda and Rhallen Corporation.
* Organizational Unit: This field is optional; but you can specify it to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request. To skip the OU field, press Enter.
* Common Name: The Common Name is the Host + Domain Name, for example or This must match the host name of the server where you intend to deploy the certificate exactly. 

This creates a private key ([certificate name].key), which is stored locally on your server, and a CSR ([certificate name].csr), which contains the public key associated with the private key. You can then use this information to request a signed certificate from an external CA.

To copy and paste the information into your CA's enrollment form, open the .csr file in a text editor and save it as a .txt file.

Note: Do not use Microsoft Word; it can insert extra hidden characters that alter the contents of the CSR.

Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...