Can you use 3rd party cert for Splunk Web while us...

iamjvn · ‎03-07-2018

It seems the Splunk Web application does not allow for configuration to serve a 3rd party certs for Splunk Web 443, while using another client-side cert connecting to Splunk API 8089. Is my conclusion correct?

I'm referring to the following 2 types of exchanges:
1. Browser (client) to Splunk Web 443/8443 (server) - 3rd party certs with 3rd party root CA - WORKS
2. Splunk Web (client) to Splunkd 8089 (server) - self-signed with own CA root cert - DOES NOT WORK - The 3rd party cert is provided by Splunk Web as the client-side cert, which is not what I want.

My problem is that connection #2 does not authenticate the Splunk Web client because it seems I cannot configure it to use a different certificate for the Splunk Web client-side of the connection to Splunkd.

server.conf:

[sslConfig]
serverCert=/my-own-certs/self-signed-certificate1.pem
requireClientCert=true

web.conf:

[settings]
serverCert=/provided-certs/3rd-party-certificate.pem

What am I missing here?

deepashri_123 · ‎03-08-2018

hey iamjvn,

You can refer the following doc:
https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPr...

https://docs.splunk.com/Documentation/Splunk/7.0.2/Security/Getthird-partycertificatesforSplunkWeb

https://docs.splunk.com/Documentation/Splunk/7.0.2/latest/SecureSplunkWebusingasignedcertificate

Let me know if this helps!!!

Can you use 3rd party cert for Splunk Web while using another self-signed client-side cert connecting to Splunk API 8089?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!