How to configure certificate on port 8089?

SplunkTrust

InfoSec requires us to use a cert signed by them. I got the cert signed and set up in web.conf (see below). I had them rescan the setup and he says that it passes on port 8000 but now fails on port 8089 due to Splunk using a self-signed certificate. Where can I make the changes so port 8089 uses our certificate rather than Splunk's self-signed certificate?

[settings]
 enableSplunkWebSSL = 1
 privKeyPath = /opt/splunk/etc/auth/splunkweb/mySplunkWebPrivateKey.key
 caCertPath = /opt/splunk/etc/auth/splunkweb/splunk-emc01.pem
 sslVersions = tls1.1, tls1.2

Re: How to configure certificate on port 8089?

Splunk Employee

Hi @skoelpin,

This past post looks like it might help with your question. It discusses making splunkd certificate configurations in the server.conf file.

https://answers.splunk.com/answers/54133/how-do-i-set-the-ssl-cert-for-the-management-port-8089.html

You can also check out the "Securing Splunk Enterprise" manual for more info.
http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/WhatyoucansecurewithSplunk

Hope this helps!


Re: How to configure certificate on port 8089?

SplunkTrust

Thanks for the answer but I've already read this answer and it didn't solve my issue or address how to set the cert for port 8089. Can you provide the stanza I should include in server.conf for port 8089?


Re: How to configure certificate on port 8089?

Splunk Employee

Check the [sslConfig] stanza in server.conf


Re: How to configure certificate on port 8089?

SplunkTrust

You were correct, I had it set in web.conf but not server.conf. I was unaware that I needed it in both .confs. Thanks for your help!

For those reading this answer in the future: web.conf is for configuration changes on port 8000, and server.conf is for changes on port 8089, which is the management port that controls the Deployment Server, License Master, Cluster Master, Deployer and REST API access. If you disable port 8089 then Splunk will be unusable.
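
The web.conf / server.conf split described above, as an added example that is not part of the original thread: a small Python check that reads the text of both files and reports, per port, whether a custom certificate is configured. The sample file contents are constructed, and the default-certificate path suffix and the Splunk Web SSL default (off) are assumptions about Splunk's shipped defaults.

```python
import configparser

# Assumption: path suffix of the certificate splunkd ships with by default.
DEFAULT_SPLUNKD_CERT = "etc/auth/server.pem"

def parse_conf(text):
    """Parse Splunk .conf text; indentation is stripped so settings are not read as continuations."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # setting names are case-sensitive
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return cp

def _enabled(value):
    return value.strip().strip('"').lower() in ("1", "true")

def _stanza(cp, name):
    return cp[name] if cp.has_section(name) else {}

def audit(web_conf, server_conf):
    """Return {port: 'tls-disabled' | 'default-cert' | 'custom-cert'}."""
    web = _stanza(parse_conf(web_conf), "settings")
    srv = _stanza(parse_conf(server_conf), "sslConfig")
    # Port 8000 (Splunk Web): web.conf [settings]. Assumed default: SSL off.
    web_cert = web.get("serverCert") or web.get("caCertPath")
    if not _enabled(web.get("enableSplunkWebSSL", "false")):
        web_state = "tls-disabled"
    else:
        web_state = "custom-cert" if web_cert else "default-cert"
    # Port 8089 (splunkd management): server.conf [sslConfig]. Default: SSL on.
    srv_cert = (srv.get("serverCert") or "").replace("\\", "/")
    if not _enabled(srv.get("enableSplunkdSSL", "true")):
        srv_state = "tls-disabled"
    elif not srv_cert or srv_cert.endswith(DEFAULT_SPLUNKD_CERT):
        srv_state = "default-cert"
    else:
        srv_state = "custom-cert"
    return {8000: web_state, 8089: srv_state}

# Constructed sample input modelled on the thread: cert set in web.conf only.
WEB_CONF = """[settings]
enableSplunkWebSSL = 1
caCertPath = /opt/splunk/etc/auth/splunkweb/splunk-emc01.pem
"""
SERVER_CONF_BEFORE = ""  # no [sslConfig] stanza yet
SERVER_CONF_AFTER = """[sslConfig]
serverCert = /opt/splunk/etc/auth/mycerts/myServerCertificate.pem
"""
if __name__ == "__main__":
    print(audit(WEB_CONF, SERVER_CONF_BEFORE), audit(WEB_CONF, SERVER_CONF_AFTER))
```

The check reads only the text it is given; Splunk merges settings from several layered .conf files, so pass it the effective configuration rather than a single local file.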


Re: How to configure certificate on port 8089?

Splunk Employee

We don't have a specific topic dedicated to this question in the docs right now, but the following topic might help answer your question about where to set the server.conf stanza:

http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/Securingyourdeploymentserverandclients

[settings]
enableSplunkWebSSL = true
privKeyPath = etc/auth/splunkweb/mySplunkWebPrivateKey.key
serverCert = etc/auth/splunkweb/mySplunkWebCertificate.pem
cipherSuite =

You might also find the server.conf topic helpful: http://docs.splunk.com/Documentation/Splunk/6.5.0/Admin/Serverconf

SSL Configuration details

[sslConfig]
* Set SSL for communications on Splunk back-end under this stanza name.
* NOTE: To set SSL (eg HTTPS) for Splunk Web and the browser, use
web.conf.
* Follow this stanza name with any number of the following attribute/value
pairs.
* If you do not specify an entry for each attribute, Splunk will use the
default value.

enableSplunkdSSL =
* Enables/disables SSL on the splunkd management port (8089) and KV store
port (8191).
* Defaults to true.
* Note: Running splunkd without SSL is not generally recommended.
* Distributed search will often perform better with SSL enabled.


Re: How to configure certificate on port 8089?

SplunkTrust

I wish I had read this answer before discovering the solution. Thanks for the help!


Re: How to configure certificate on port 8089?

Explorer

This is the real answer. Thanks


Re: How to configure certificate on port 8089?

New Member

So I still cannot get this working, and the info in here is a little misleading. So here is what I have in my server.conf and web.conf. What am I doing wrong?

server.conf
[sslConfig]
enableSplunkdSSL = true
sslVersions = "*,-ssl2"
serverCert = /opt/splunk/etc/auth/mycerts/myServerCertificate.pem
sslRootCAPath = /opt/splunk/etc/auth/mycerts/myCACertificate.pem
sslPassword = "hidden"

web.conf
[settings]
enableSplunkWebSSL = 1
privKeyPath = /opt/splunk/etc/auth/splunkweb/mySplunkWebPrivateKey.key
serverCert = /opt/splunk/etc/auth/splunkweb/mySplunkWebCertificate.pem
sslVersions = tls1.1, tls1.2
