Solved: Re: How do i use intermediate SSL chain certs on s...

Chris_R_ · ‎04-27-2010

We are Using Godaddy SSL certificates for our internal systems. These require us to install a certificate chain with intermediate certificates.
How can I install these certificates in to splunk? I have tried concatenating the issued cert for our server (splunk.domain.com) on to the intermediate cert, but this has not fixed the issue. Apache has a configuration option for an intermediate cert, but I can't find any documentation on how to set this up with the splunk Python server.

Our cert info and recommended procedures.

http://help.godaddy.com/article/5346

gkanapathy · ‎04-28-2010

You need to bundle the intermediate and the server certificate into a single certificate, by concatenating the certficates together (the right type, and in the right order) and set that as the server certificate. In addition of course the root CA that signed the intermediate certificate as well as all intermediary certificates must be in the browser certificate stores. Note also that there is a difference between SSL keys and SSL certificates (slightly different file formats), and that Splunk uses PEM certificates files.

View solution in original post

todd8063 · ‎04-28-2010

Hi gkanaphy, thanks for the response. I thought I'd already done that correctly. Here are the steps I've followed.

Follow the Godaddy instructions to generate your key file and CSR. Once you have downloaded the certs, follow this readme (which is on the server as well) to create proper cert files.

The following files are generated by open ssl to upload to godaddy. Just follow standard apache tutorials online to generate a private key.

splunk.key
splunk.csr

Once the csr is uploaded, then the ssl cert is downloaded. The 2 cert files from godaddy are

splunk.crt
gd_bundle.crt

You'll then want to convert the private key to an rsa private key.

openssl rsa -in splunk.key -out splunk.rsa.key

Create a PEM file for splunk by using the following command.

cat splunk.crt gd_bundle.crt > splunk.pem

Copy this to

/opt/splunk/share/splunk/certs/

Use the following files for splunk

key => splunk.rsa.key cert => splunk.pem

I edited $SPLUNK_HOME/etc/system/local/web.conf and set the following values

[settings]
httpport = 443
enableSplunkWebSSL = 1
privKeyPath = /certs/splunk.rsa.key
caCertPath = /certs/splunk.pem

This works for most of my browsers. However Chrome and Safari still tell me my certificate is not issued by a valid authority.

Michael_Wilde · ‎02-22-2013

totally freaking worked. thanks todd.

proylea · ‎10-29-2019

Yes works, minor change to caCertPath, it's now serverCert

gkanapathy · ‎04-28-2010

You need to bundle the intermediate and the server certificate into a single certificate, by concatenating the certficates together (the right type, and in the right order) and set that as the server certificate. In addition of course the root CA that signed the intermediate certificate as well as all intermediary certificates must be in the browser certificate stores. Note also that there is a difference between SSL keys and SSL certificates (slightly different file formats), and that Splunk uses PEM certificates files.

gkanapathy · ‎04-28-2010

Okay. Please indicate the exact steps you have taken, indicating which files you have started with, what operations you did on each file, what files you resulted with, and where you configured them.

Chris_R_ · ‎04-28-2010

This is for splunkweb

gkanapathy · ‎04-27-2010

please specify whether you mean on SplunkWeb or Splunkd. The procedures and configuration are different.

How do i use intermediate SSL chain certs on splunk?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?