InfoSec requires us to use a cert signed by them. I got the cert signed and set up in web.conf (see below). I had them rescan the setup and he says that it passes on port 8000 but now fails on port 8089 due to Splunk using a self-signed certificate. Where can I make the changes so port 8089 uses our certificate rather than Splunk's self-signed certificate?
[settings]
enableSplunkWebSSL = 1
privKeyPath = /opt/splunk/etc/auth/splunkweb/mySplunkWebPrivateKey.key
caCertPath = /opt/splunk/etc/auth/splunkweb/splunk-emc01.pem
sslVersions = tls1.1, tls1.2
Hi @skoelpin,
This past post looks like it might help with your question. It discusses making splunkd certificate configurations in the server.conf file.
https://answers.splunk.com/answers/54133/how-do-i-set-the-ssl-cert-for-the-management-port-8089.html
You can also check out the "Securing Splunk Enterprise" manual for more info.
http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/WhatyoucansecurewithSplunk
Hope this helps!
So I still cannot get this working and the info in here is a little misleading. So here is what I have in my server.conf and web.conf. What am I doing wrong?
server.conf
[sslConfig]
enableSplunkdSSL = true
sslVersions = "*,-ssl2"
serverCert = /opt/splunk/etc/auth/mycerts/myServerCertificate.pem
sslRootCAPath = /opt/splunk/etc/auth/mycerts/myCACertificate.pem
sslPassword = "hidden"
web.conf
[settings]
enableSplunkWebSSL = 1
privKeyPath = /opt/splunk/etc/auth/splunkweb/mySplunkWebPrivateKey.key
serverCert = /opt/splunk/etc/auth/splunkweb/mySplunkWebCertificate.pem
sslVersions = tls1.1, tls1.2
Thanks for the answer but I've already read this answer and it didn't solve my issue or address how to set the cert for port 8089. Can you provide the stanza I should include in server.conf for port 8089?
We don't have a specific topic dedicated to this question in the docs right now, but the following topic might help answer your question about where to set the server.conf stanza:
http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/Securingyourdeploymentserverandclients
[settings]
enableSplunkWebSSL = true
privKeyPath = etc/auth/splunkweb/mySplunkWebPrivateKey.key
serverCert = etc/auth/splunkweb/mySplunkWebCertificate.pem
cipherSuite =
You might also find the server.conf topic helpful: http://docs.splunk.com/Documentation/Splunk/6.5.0/Admin/Serverconf
SSL Configuration details
[sslConfig]
* Set SSL for communications on Splunk back-end under this stanza name.
* NOTE: To set SSL (eg HTTPS) for Splunk Web and the browser, use
web.conf.
* Follow this stanza name with any number of the following attribute/value
pairs.
* If you do not specify an entry for each attribute, Splunk will use the
default value.
enableSplunkdSSL =
* Enables/disables SSL on the splunkd management port (8089) and KV store
port (8191).
* Defaults to true.
* Note: Running splunkd without SSL is not generally recommended.
* Distributed search will often perform better with SSL enabled.
This is the real answer. Thanks
I wish I read this answer before discovering the solution. Thanks for the help!
Check the [sslConfig] stanza in server.conf
You were correct, I had it set in web.conf but not server.conf. I was unaware that I needed it in both .confs. Thanks for your help!
For those reading this answer in the future: web.conf is for configuration changes on port 8000 and server.conf is for changes on port 8089, which is the management port that controls the Deployment server, license Master, Cluster Master, Deployer and REST API access. If you disable port 8089 then Splunk will be unusable.
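The following Python check is an added example, not code from this thread or from Splunk. It reads web.conf and server.conf text and reports, per port, whether a certificate path is configured, reproducing the situation in the question where port 8000 passed the scan and port 8089 did not. The function names and sample conf text are constructed for illustration, and the port-to-stanza mapping is the one given in the answers above.

```python
# Added example: find which Splunk TLS listener has no certificate configured.
# Port-to-file mapping as described in the thread:
#   8000 (Splunk Web)         -> web.conf    [settings]
#   8089 (splunkd management) -> server.conf [sslConfig]
# caCertPath is accepted for web.conf because the question's web.conf uses it.
LISTENERS = {
    8000: ("web.conf", "settings", ("serverCert", "caCertPath")),
    8089: ("server.conf", "sslConfig", ("serverCert",)),
}

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip().strip('"')
    return stanzas

def audit(confs):
    """confs: {filename: text}. Returns {port: cert path, or None if unset}."""
    result = {}
    for port, (fname, stanza, keys) in LISTENERS.items():
        settings = parse_conf(confs.get(fname, "")).get(stanza, {})
        result[port] = next((settings[k] for k in keys if settings.get(k)), None)
    return result

# Constructed sample input: web.conf as in the question, server.conf as in the fix.
WEB_CONF = """[settings]
enableSplunkWebSSL = 1
privKeyPath = /opt/splunk/etc/auth/splunkweb/mySplunkWebPrivateKey.key
caCertPath = /opt/splunk/etc/auth/splunkweb/splunk-emc01.pem
"""
SERVER_CONF_FIXED = """[sslConfig]
enableSplunkdSSL = true
serverCert = /opt/splunk/etc/auth/mycerts/myServerCertificate.pem
"""

if __name__ == "__main__":
    states = {"before": {"web.conf": WEB_CONF},
              "after": {"web.conf": WEB_CONF, "server.conf": SERVER_CONF_FIXED}}
    for label, confs in states.items():
        for port, cert in audit(confs).items():
            print(label, port, cert or "NOT SET (scanner sees Splunk's own certificate)")
```

After changing either file, restart Splunk and have the scan repeated against both ports, since each listener reads its certificate from its own conf file.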