Can you use 3rd party cert for Splunk Web while us...

iamjvn · ‎03-07-2018

It seems the Splunk Web application does not allow for configuration to serve a 3rd party certs for Splunk Web 443, while using another client-side cert connecting to Splunk API 8089. Is my conclusion correct?

I'm referring to the following 2 types of exchanges:
1. Browser (client) to Splunk Web 443/8443 (server) - 3rd party certs with 3rd party root CA - WORKS
2. Splunk Web (client) to Splunkd 8089 (server) - self-signed with own CA root cert - DOES NOT WORK - The 3rd party cert is provided by Splunk Web as the client-side cert, which is not what I want.

My problem is that connection #2 does not authenticate the Splunk Web client because it seems I cannot configure it to use a different certificate for the Splunk Web client-side of the connection to Splunkd.

server.conf:

[sslConfig]
serverCert=/my-own-certs/self-signed-certificate1.pem
requireClientCert=true

web.conf:

[settings]
serverCert=/provided-certs/3rd-party-certificate.pem

What am I missing here?

deepashri_123 · ‎03-08-2018

hey iamjvn,

You can refer the following doc:
https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPr...

https://docs.splunk.com/Documentation/Splunk/7.0.2/Security/Getthird-partycertificatesforSplunkWeb

https://docs.splunk.com/Documentation/Splunk/7.0.2/latest/SecureSplunkWebusingasignedcertificate

Let me know if this helps!!!

Can you use 3rd party cert for Splunk Web while using another self-signed client-side cert connecting to Splunk API 8089?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation