
How to make the https splunk web load with self-signed certificate?

LinghGroove
Explorer

Hello everybody, can you please tell me where I am making errors? I can't make the https Splunk Web load with my self-signed certificate.

I have a test environment, one Splunk server where I have executed the following steps:

mkdir $SPLUNK_HOME/etc/auth/mycerts
cd $SPLUNK_HOME/etc/auth/mycerts

$SPLUNK_HOME/bin/splunk cmd openssl genrsa -aes256 -out CAPK.key 2048 # Root CA private key
$SPLUNK_HOME/bin/splunk cmd openssl req -new -key CAPK.key -out CACSR.csr # Root CA signing request
# at this point, in the Common Name I have tried putting everything: hostname, private IP, localhost, etc., but it doesn't seem to make any difference
$SPLUNK_HOME/bin/splunk cmd openssl x509 -req -in CACSR.csr -sha512 -signkey CAPK.key -CAcreateserial -out CACE.pem -days 1095 # my CA certificate

$SPLUNK_HOME/bin/splunk cmd openssl genrsa -aes256 -out DEPPK.key 2048 # I have configured the same password for both keys but it doesn't seem to be the problem
$SPLUNK_HOME/bin/splunk cmd openssl req -new -key DEPPK.key -out DEPCSR.csr # for the Common Name value I have tried the same things as for the CA
$SPLUNK_HOME/bin/splunk cmd openssl x509 -req -in DEPCSR.csr -SHA256 -CA CACE.pem -CAkey CAPK.key -CAcreateserial -out DEPCE.pem -days 1095

cat DEPCE.pem DEPPK.key CACE.pem > DEPCEchain.pem

# in /opt/splunk/etc/system/local/web.conf I have written:
[settings]
enableSplunkWebSSL = true
privKeyPath = /opt/splunk/etc/auth/mycerts/DEPPK.key
serverCert = /opt/splunk/etc/auth/mycerts/DEPCEchain.pem
startwebserver = 1
httpport = 8000

# to see if the connection to the server is going well I use
openssl s_client -connect 192.168.1.11:8000
# OR
openssl s_client -connect 127.0.0.1:8000
# and it says CONNECTED(00000003); unfortunately, if I try to navigate to Splunk Web over https it doesn't load
# I have tried putting the certificates inside /opt/splunk/etc/auth/splunkweb and then calling them in web.conf but nothing happens
# this is what is written inside server.conf:

[sslConfig]
sslRootCAPath = /opt/splunk/etc/auth/mycerts/CertificateAuthorityCertificate.pem
sslPassword = $7$7OQ1bcyW5b53gGJ/us2ExVKxerWlcolKjoS1j7pZ05QpmNmIUt7NQw==

I don't know what to try next. I can't find a solution; no matter what I try, it won't load on Splunk Web.

Maybe it helps to say that I call https://192.168.1.11:8000/ in the browser. I even tried putting sslPassword inside web.conf with the key password but nothing changed.

0 Karma
1 Solution

LinghGroove
Explorer

Pretty dumb mistake. I have removed my root CA in the server.conf and I edited the password back to the default value "password".

[sslConfig]
sslRootCAPath = /opt/splunk/etc/auth/mycerts/CertificateAuthorityCertificate.pem
sslPassword = $7$7OQ1bcyW5b53gGJ/us2ExVKxerWlcolKjoS1j7pZ05QpmNmIUt7NQw==

In the web.conf I was forgetting to put the certificate password, so I just added:

sslPassword = myselfsignedpassword

It works.

0 Karma
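
The mismatch this thread ended on (a private key generated with `-aes256`, but no sslPassword under [settings] in web.conf) can be checked for before restarting Splunk. The script below is an added example, not part of the original posts or of Splunk's tooling; the function names and the header-only sample key are constructed, and it assumes privKeyPath is an absolute path, as in the question.

```shell
# Added example (not from the thread): flag a web.conf whose privKeyPath is a
# passphrase-protected PEM key while [settings] carries no sslPassword.

# Exit 0 if the PEM key is passphrase-protected: PKCS#8 header, or the
# traditional "Proc-Type: 4,ENCRYPTED" header line.
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|^Proc-Type: 4,ENCRYPTED' "$1"
}

# Print the value of KEY inside [STANZA] of a .conf file (last match wins).
conf_get() {  # usage: conf_get FILE STANZA KEY
    awk -v stanza="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/^[ \t]+|[ \t]+$/, ""); in_s = ($0 == stanza); next }
        in_s && /^[ \t]*[^#=]+=/ {
            k = $0; sub(/=.*/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); val = v }
        }
        END { print val }' "$1"
}

# Returns 0 = consistent, 1 = encrypted key without sslPassword, 2 = key unset/unreadable.
check_web_ssl() {  # usage: check_web_ssl WEB_CONF
    key=$(conf_get "$1" settings privKeyPath)
    [ -n "$key" ] && [ -r "$key" ] || { echo "privKeyPath unset or unreadable: $key"; return 2; }
    if key_is_encrypted "$key" && [ -z "$(conf_get "$1" settings sslPassword)" ]; then
        echo "$key is passphrase-protected but [settings] has no sslPassword"
        return 1
    fi
    echo "key and sslPassword settings are consistent"
}

# Constructed sample: a header-only stand-in for the thread's DEPPK.key and a
# web.conf like the one posted; $2 is an optional extra [settings] line.
make_sample() {  # usage: make_sample DIR [EXTRA_LINE]
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' > "$1/DEPPK.key"
    printf '%s\n' '[settings]' 'enableSplunkWebSSL = true' \
        "privKeyPath = $1/DEPPK.key" "serverCert = $1/DEPCEchain.pem" ${2:+"$2"} > "$1/web.conf"
}

tmp=$(mktemp -d)
make_sample "$tmp"                                         # as in the question
check_web_ssl "$tmp/web.conf" || true                      # reports the missing sslPassword
make_sample "$tmp" 'sslPassword = constructed-passphrase'  # as in the fix
check_web_ssl "$tmp/web.conf"
rm -rf "$tmp"
```

The check only compares the two settings; it does not test whether the passphrase in sslPassword actually decrypts the key.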
