Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I Embed Splunk SSL cert in client application?

tesme
New Member
‎08-21-2018 12:48 PM

My program has a variable, a string that contains the Splunk PEM certificate. Every request that is sent to the API includes my program verifying the cert being presented by the Splunk server is the one in the application. Okay so the error message I get is that:
"Couldn't login to splunk: Post https://10.0.0.18:8089/services/auth/login: x509: cannot validate certificate for 10.0.0.18 because it doesn't contain any IP SANs"

What am I missing here? There must be something about the Splunk architecture I am missing as related to certificates. BTW this is a FREE spunk server I am running at home.

Tags (1)
0 Karma
Reply

renjith_nair
SplunkTrust
SplunkTrust
‎08-21-2018 08:57 PM

@tesme,

The error says that the the IP you are trying to connect is not part of the Subject Alternative Names (SAN).
SSL needs identification of the peer, otherwise your connection might be against a man-in-the-middle which decrypts + sniffs/modifies the data and then forwards them encrypted again to the real target. Identification is done with x509 certificates which need to be validated against a trusted CA and which need to identify the target you want to connect to.

Usually the target is given as a hostname and this is checked against the subject and subject alternative names of the certificate. In this case your target is a IP. To validate the certificate successfully the IP must be given in the certificate inside the subject alternative names section, but not as an DNS entry (e.g. hostname) but instead as IP.

You could try connecting with hostname or create new certificate pairs. If you are at a home network, probably you could disable the hostname verification from the client side or disable the ssl (not recommended though)

Happy Splunking!
0 Karma
Reply

tesme
New Member
‎08-28-2018 04:27 PM

How do you recommend adding in an IP SAN while creating a new self signed certificate in Splunk?

0 Karma
Reply

tesme
New Member
‎08-28-2018 04:42 PM

By the way, I am running a free splunk instance in virtual box.

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...