If your organization requires that your Splunk deployment use a certificate signed by an external CA or you otherwise wish to use certificates signed by a root certificate other than the default Splunk authority, you can use the following procedure to generate the CSR to send to the CA:
You are prompted for the following X.509 attributes of the certificate:
* Country Name: Use the two-letter code without punctuation for country, for example: US or GB.
* State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: California
* Locality or City: The Locality is the city or town name, for example: Oakland. Do not abbreviate. For example: Los Angeles, not LA, Saint Louis, not St. Louis.
* Company: If your company or department contains an &, @, or any other non-alphanumeric symbol that requires you to use the shift key, you must spell out the symbol or omit it. For example, Fflanda & Rhallen Corporation would be Fflanda Rhallen Corporation or Fflanda and Rhallen Corporation.
* Organizational Unit: This field is optional; but you can specify it to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request. To skip the OU field, press Enter.
* Common Name: The Common Name is the Host + Domain Name, for example www.company.com or company.com. This must match the host name of the server where you intend to deploy the certificate exactly.
This creates a private key ([certificate name].key), which is stored locally on your server, and a CSR ([certificate name].csr), which contains the public key associated with the private key. You can then use this information to request a signed certificate from an external CA.
To copy and paste the information into your CA's enrollment form, open the .csr file in a text editor and save it as a .txt file.
Note: Do not use Microsoft Word; it can insert extra hidden characters that alter the contents of the CSR.