Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can you use 3rd party cert for Splunk Web while using another self-signed client-side cert connecting to Splunk API 8089?

iamjvn
Explorer
‎03-07-2018 10:28 AM

It seems the Splunk Web application does not allow for configuration to serve a 3rd party certs for Splunk Web 443, while using another client-side cert connecting to Splunk API 8089. Is my conclusion correct?

I'm referring to the following 2 types of exchanges:
1. Browser (client) to Splunk Web 443/8443 (server) - 3rd party certs with 3rd party root CA - WORKS
2. Splunk Web (client) to Splunkd 8089 (server) - self-signed with own CA root cert - DOES NOT WORK - The 3rd party cert is provided by Splunk Web as the client-side cert, which is not what I want.

My problem is that connection #2 does not authenticate the Splunk Web client because it seems I cannot configure it to use a different certificate for the Splunk Web client-side of the connection to Splunkd.

server.conf:

[sslConfig]
serverCert=/my-own-certs/self-signed-certificate1.pem
requireClientCert=true

web.conf:

[settings]
serverCert=/provided-certs/3rd-party-certificate.pem

What am I missing here?

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...