
How to configure Splunk Mgm Port 8089 SSL certificate?

dsfyxcasdcertzu
Explorer

Hello,

We run an indexer that functions as a deployment server as well.

I have already configured it to use our CA cert for the Web UI port 8000 as well as for the input port 9997; both work properly. However, I wasn't able to set our certificate for communication on the mgm port 8089. For each request, it returns the pre-shipped self-signed certificate.

Other solutions from this board didn't work, unfortunately.

We are running Splunk Enterprise v9.0.3.
Configs on the indexer:

server.conf

```ini
[sslConfig]
enableSplunkdSSL = true
sslVersions = tls1.2
sslRootCAPath = /opt/splunk/etc/auth/<ourcert>.pem
sslVerifyServerName = true
sslVerifyServerCert = true
sslPassword = <PW>
cliVerifyServerName = true
```

inputs.conf

```ini
[splunktcp-ssl:8089]
disabled = 0

[splunktcp-ssl:9997]
disabled = 0


[SSL]
serverCert = /opt/splunk/etc/auth/<ourcert>.pem
sslPassword = <PW>
requireClientCert = false
sslVersions = tls1.2
sslCommonNameToCheck = splunk.domain1,splunk.domain2
```

I'd be really happy if someone could help me out with this! Thank you!

0 Karma
1 Solution

shivanshu1593
Builder

Looks like you haven't specified the serverCert config in server.conf. It defaults to Splunk's default server certificate server.pem, which is why you always get the default shipped certificate in return to your requests. This cert is what governs the certificate for the management and KVStore ports. Try the following in server.conf (Edit/remove or add lines as per your environment specifications) and RESTART splunk service. Let us know if it worked for you.

 

```ini
[sslConfig]
enableSplunkdSSL = true
sslRootCAPath = /opt/splunk/etc/auth/mycerts/myCACertificate.pem
serverCert = <Specify the path for your server cert after getting it created for your instance. Defaults to /opt/splunk/etc/auth/server.pem>
sslPassword = mySHCertificatePassword
requireClientCert = true
sslVersions = tls1.2
sslCommonNameToCheck = <Specify yours>
```

 

++If this helps, please accept as the solution for others running with the same issue finding the solution++

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###


0 Karma
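
A small audit for the cause identified in the accepted answer, added here as an example and not code from the thread or from Splunk: it parses `server.conf` and `inputs.conf` text and reports when `[sslConfig]` has no `serverCert`, the case in which splunkd serves the shipped `server.pem` on port 8089. The sample configs and the `ca.pem` / `indexer.pem` paths are constructed stand-ins for the redacted values in the question.

```python
import configparser

def parse_conf(text):
    """Parse Splunk .conf text (INI-like; setting names are case-sensitive)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#",))
    cp.optionxform = str  # keep serverCert, sslRootCAPath, ... as written
    cp.read_string(text)
    return cp

def audit_mgmt_cert(server_conf, inputs_conf=""):
    """Return findings explaining why port 8089 would still serve the shipped cert."""
    server, inputs = parse_conf(server_conf), parse_conf(inputs_conf)
    ssl = server["sslConfig"] if server.has_section("sslConfig") else {}
    cert = ssl.get("serverCert", "").strip()
    findings = []
    if not cert:
        findings.append("server.conf [sslConfig] has no serverCert: "
                        "splunkd falls back to the shipped server.pem")
        # A cert configured only for forwarder inputs does not cover splunkd itself.
        if inputs.has_section("SSL") and inputs["SSL"].get("serverCert"):
            findings.append("inputs.conf [SSL] serverCert is set, but it only "
                            "covers splunktcp-ssl inputs")
    elif cert.endswith("etc/auth/server.pem"):
        findings.append("serverCert still points at the shipped server.pem")
    return findings

# Constructed samples modelled on the configs quoted in the thread.
ASKER_SERVER_CONF = """
[sslConfig]
enableSplunkdSSL = true
sslVersions = tls1.2
sslRootCAPath = /opt/splunk/etc/auth/ca.pem
sslPassword = placeholder
"""
ASKER_INPUTS_CONF = """
[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = /opt/splunk/etc/auth/indexer.pem
sslPassword = placeholder
"""
FIXED_SERVER_CONF = ASKER_SERVER_CONF + "serverCert = /opt/splunk/etc/auth/indexer.pem\n"

if __name__ == "__main__":
    for name, conf in (("before", ASKER_SERVER_CONF), ("after", FIXED_SERVER_CONF)):
        print(name, audit_mgmt_cert(conf, ASKER_INPUTS_CONF) or "ok")
```
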

CharmiPatel
New Member

Hello,

I hope the steps below are helpful for you.

Configuring SSL for Splunk Management Port (mgmt port) on port 8089 involves a few steps. 

1. Generate SSL Certificates:
Use a tool like OpenSSL to generate SSL certificates (private key, public key, and certificate signing request).

```bash
openssl req -new -newkey rsa:2048 -keyout splunk.key -out splunk.csr
```

2. Get the Certificate Signed:
Submit the `splunk.csr` to a Certificate Authority (CA) to obtain the signed SSL certificate. Once received, you should have the SSL certificate and CA's intermediate certificate.

3. Create SSL Cert Files:
Combine the private key, signed certificate, and CA intermediate certificate into a single PEM file:

```bash
cat splunk.key splunk.crt ca_intermediate.crt > splunk.pem
```

4. Copy Certificates to Splunk Directory:
Move the `splunk.pem` file to the `$SPLUNK_HOME/etc/auth` directory.

```bash
cp splunk.pem $SPLUNK_HOME/etc/auth
```

5. Configure Splunk Web:
Edit the `web.conf` file in `$SPLUNK_HOME/etc/system/local`:

```ini
[settings]
enableSplunkWebSSL = true
privKeyPath = $SPLUNK_HOME/etc/auth/splunk.pem
serverCert = $SPLUNK_HOME/etc/auth/splunk.pem
```

6. Restart Splunk:
Restart Splunk to apply the changes:

```bash
$SPLUNK_HOME/bin/splunk restart
```

Ensure Splunk starts without errors.

7. Access Splunk via HTTPS:
After the restart, you should be able to access the Splunk Management Port via HTTPS using the URL:

```text
https://your-splunk-server:8089
```

Make sure to replace `your-splunk-server` with the actual server hostname or IP.

Remember to keep backups of any configuration files before making changes and consult Splunk's official documentation for the specific version you are using, as configurations may vary.

0 Karma

dsfyxcasdcertzu
Explorer

Thank you very much! That's it!

0 Karma
