Security

How do i use intermediate SSL chain certs on splunk?

Splunk Employee
Splunk Employee

We are Using Godaddy SSL certificates for our internal systems. These require us to install a certificate chain with intermediate certificates.
How can I install these certificates in to splunk? I have tried concatenating the issued cert for our server (splunk.domain.com) on to the intermediate cert, but this has not fixed the issue. Apache has a configuration option for an intermediate cert, but I can't find any documentation on how to set this up with the splunk Python server.

Our cert info and recommended procedures.

http://help.godaddy.com/article/5346

Tags (2)
1 Solution

Splunk Employee
Splunk Employee

You need to bundle the intermediate and the server certificate into a single certificate, by concatenating the certficates together (the right type, and in the right order) and set that as the server certificate. In addition of course the root CA that signed the intermediate certificate as well as all intermediary certificates must be in the browser certificate stores. Note also that there is a difference between SSL keys and SSL certificates (slightly different file formats), and that Splunk uses PEM certificates files.

View solution in original post

Engager

Hi gkanaphy, thanks for the response. I thought I'd already done that correctly. Here are the steps I've followed.

Follow the Godaddy instructions to generate your key file and CSR. Once you have downloaded the certs, follow this readme (which is on the server as well) to create proper cert files.

The following files are generated by open ssl to upload to godaddy. Just follow standard apache tutorials online to generate a private key.

splunk.key
splunk.csr

Once the csr is uploaded, then the ssl cert is downloaded. The 2 cert files from godaddy are

splunk.crt
gd_bundle.crt

You'll then want to convert the private key to an rsa private key.

openssl rsa -in splunk.key -out splunk.rsa.key

Create a PEM file for splunk by using the following command.

cat splunk.crt gd_bundle.crt > splunk.pem

Copy this to

/opt/splunk/share/splunk/certs/

Use the following files for splunk

key => splunk.rsa.key cert => splunk.pem

I edited $SPLUNK_HOME/etc/system/local/web.conf and set the following values

[settings]
httpport = 443
enableSplunkWebSSL = 1
privKeyPath = /certs/splunk.rsa.key
caCertPath = /certs/splunk.pem

This works for most of my browsers. However Chrome and Safari still tell me my certificate is not issued by a valid authority.

Splunk Employee
Splunk Employee

totally freaking worked. thanks todd.

0 Karma

Contributor

Yes works, minor change to caCertPath, it's now serverCert

0 Karma

Splunk Employee
Splunk Employee

You need to bundle the intermediate and the server certificate into a single certificate, by concatenating the certficates together (the right type, and in the right order) and set that as the server certificate. In addition of course the root CA that signed the intermediate certificate as well as all intermediary certificates must be in the browser certificate stores. Note also that there is a difference between SSL keys and SSL certificates (slightly different file formats), and that Splunk uses PEM certificates files.

View solution in original post

Splunk Employee
Splunk Employee

Okay. Please indicate the exact steps you have taken, indicating which files you have started with, what operations you did on each file, what files you resulted with, and where you configured them.

0 Karma

Splunk Employee
Splunk Employee

This is for splunkweb

0 Karma

Splunk Employee
Splunk Employee

please specify whether you mean on SplunkWeb or Splunkd. The procedures and configuration are different.

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!