Security

How to make the https splunk web load with self-signed certificate?

LinghGroove
Explorer

Hello everybody, can you please tell me where I am making errors? I can't make the https Splunk Web load with my self-signed certificate.

I have a test environment, one Splunk server, where I have executed the following steps:

mkdir $SPLUNK_HOME/etc/auth/mycerts
cd $SPLUNK_HOME/etc/auth/mycerts

$SPLUNK_HOME/bin/splunk cmd openssl genrsa -aes256 -out CAPK.key 2048 # Root CA private key
$SPLUNK_HOME/bin/splunk cmd openssl req -new -key CAPK.key -out CACSR.csr # Root CA signing request
# at this point, in the Common Name I have tried putting everything (hostname, private IP, localhost, etc.) but it doesn't seem to make any difference
$SPLUNK_HOME/bin/splunk cmd openssl x509 -req -in CACSR.csr -sha512 -signkey CAPK.key -CAcreateserial -out CACE.pem -days 1095 # my CA certificate

$SPLUNK_HOME/bin/splunk cmd openssl genrsa -aes256 -out DEPPK.key 2048 # I have configured the same password for both keys but it doesn't seem to be the problem
$SPLUNK_HOME/bin/splunk cmd openssl req -new -key DEPPK.key -out DEPCSR.csr # for the Common Name value I have tried the same things as for the CA
$SPLUNK_HOME/bin/splunk cmd openssl x509 -req -in DEPCSR.csr -SHA256 -CA CACE.pem -CAkey CAPK.key -CAcreateserial -out DEPCE.pem -days 1095

cat DEPCE.pem DEPPK.key CACE.pem > DEPCEchain.pem

# in /opt/splunk/etc/system/local/web.conf I have written:
[settings]
enableSplunkWebSSL = true
privKeyPath = /opt/splunk/etc/auth/mycerts/DEPPK.key
serverCert = /opt/splunk/etc/auth/mycerts/DEPCEchain.pem
startwebserver = 1
httpport = 8000

# to see if the connection to the server is going well I use
openssl s_client -connect 192.168.1.11:8000
# OR
openssl s_client -connect 127.0.0.1:8000
# and it says CONNECTED(00000003); unfortunately, if I try to navigate to Splunk Web on https it doesn't load
# I have tried putting the certificates inside /opt/splunk/etc/auth/splunkweb and then calling them in web.conf but nothing happens
# this is what is written inside server.conf:

[sslConfig]
sslRootCAPath = /opt/splunk/etc/auth/mycerts/CertificateAuthorityCertificate.pem
sslPassword = $7$7OQ1bcyW5b53gGJ/us2ExVKxerWlcolKjoS1j7pZ05QpmNmIUt7NQw==

I don't know what to try next. I can't find a solution; no matter what I try, it won't load on Splunk Web.

Maybe it helps to say that I call https://192.168.1.11:8000/ in the browser. I even tried putting sslPassword inside web.conf with the key password, but nothing changed.

0 Karma
1 Solution

LinghGroove
Explorer

Pretty dumb mistake. I have removed my root CA in the server.conf and I edited the password back to the default value "password".

[sslConfig]
sslRootCAPath = /opt/splunk/etc/auth/mycerts/CertificateAuthorityCertificate.pem
sslPassword = $7$7OQ1bcyW5b53gGJ/us2ExVKxerWlcolKjoS1j7pZ05QpmNmIUt7NQw==

In the web.conf I was forgetting to put the certificate password, so I just added:

sslPassword = myselfsignedpassword

It works.


0 Karma
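
As an added example (not part of the original posts, and not Splunk's own tooling): a pre-restart check for the failure this thread resolves, a passphrase-protected `privKeyPath` key with no `sslPassword` under `[settings]` in web.conf. The function names and fixture files are constructed for illustration, and paths are assumed to be absolute, as in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes absolute paths in web.conf.

# conf_get FILE STANZA KEY: print the value of KEY in [STANZA] (last one wins).
conf_get() {
    awk -v stanza="[$2]" -v key="$3" '
        /^[ \t]*\[/ { s = $0; gsub(/^[ \t]+|[ \t]+$/, "", s); in_s = (s == stanza); next }
        in_s && (p = index($0, "=")) {      # split on the first "=" only
            k = substr($0, 1, p - 1); v = substr($0, p + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# key_is_encrypted FILE: true for a PKCS#8 "ENCRYPTED PRIVATE KEY" block or a
# traditional PEM key with a "Proc-Type: 4,ENCRYPTED" header.
key_is_encrypted() {
    grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

# check_web_conf FILE: print a verdict; return 1 when a problem is found.
check_web_conf() {
    key=$(conf_get "$1" settings privKeyPath)
    pass=$(conf_get "$1" settings sslPassword)
    if [ -z "$key" ]; then echo "no-privKeyPath"; return 1; fi
    if [ ! -r "$key" ]; then echo "key-unreadable"; return 1; fi
    if key_is_encrypted "$key" && [ -z "$pass" ]; then
        echo "encrypted-key-without-sslPassword"; return 1
    fi
    echo "ok"
}

# make_fixture DIR: constructed sample files (PEM header lines only, no key material).
make_fixture() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00000000000000000000000000000000' > "$1/DEPPK.key"
    printf '%s\n' '[settings]' 'enableSplunkWebSSL = true' \
        "privKeyPath = $1/DEPPK.key" "serverCert = $1/DEPCEchain.pem" > "$1/web.conf"
}

demo() {
    d=$(mktemp -d) || return 1
    make_fixture "$d"
    check_web_conf "$d/web.conf" || true   # encrypted key, no sslPassword
    echo 'sslPassword = constructed-passphrase' >> "$d/web.conf"
    check_web_conf "$d/web.conf"           # after adding sslPassword
    rm -rf "$d"
}
demo
```

The check reads only PEM header lines, so it never needs the passphrase and does not confirm that the configured `sslPassword` is the correct one.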
