Security

Onprem SplunkWeb Successfully Using Internal CA Issued SSL Cert but Site Displays Certificate is "Not Secure"

cbwillh
Path Finder

We have On Prem Splunk Deployment and Heavy Forwarder Servers.
We have a requirement to use third party SSL Certificates for the Splunk Management Console web sites.
I have successfully used Splunk documentation to get my SSL certificate from my Internal Certificate Authority Server and I have successfully set that Certificate up on my On Prem Splunk Servers.
I can access my sites and when I check the certificate presented by the browser I can confirm the site is using the newly assigned certificate issued by my internal CA with no issues.
However, the site is displaying the dreaded "Not Secure" message next to the browser search field where the certificate is displayed.
When I click on that message and open the certificate I am able to confirm all the site information and URL are correct.
Any ideas why it shows as "Not Secure"?
Any ideas how to fix it? Any help would be very much appreciated.
The certificate is being used and works in every other way so it's not a huge issue, but I am a perfectionist and prefer things have green not red and work as they are supposed to. This just feels half right.

0 Karma
1 Solution

cbwillh
Path Finder

Okay, just letting anyone know who has the same issue that mine came good after I did the following:

The files involved are the CA Issued SSL Certificate and the Private Key I created while following the Splunk document: https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/Getthird-partycertificatesforSplunkWeb

During that process I converted my certificate to .pem per the instructions, but nothing specified to do the same for the private key file, which is in .key format.

It should not make a difference as it was not password protected and I could open the private key within a text editor (per the document's test method).

BUT... for whatever reason, I decided to convert the key file from .key to .pem.
I then edited the $SPLUNK_HOME/etc/system/local/web.conf file to reflect the new filename as .pem.
I then restarted Splunk and it all came good and was happy.

Not sure why it worked, as the .key was accessible or my website would not have worked with it. As stated in my issue, the setup worked; it simply said "Not Secure" on the certificate when going to the web console.

Anyway, it's all good now, so hopefully this might help someone else in the future.


0 Karma
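
Before pointing `web.conf` at a converted key and restarting, as the accepted answer describes, the two files can be checked directly: is the key PEM or DER, and does it belong to the certificate? The script below is an added example, not part of the original post or of Splunk's documentation; it assumes the `openssl` CLI is installed and an unencrypted key, and the file names are whatever the reader passes in.

```shell
#!/bin/sh
# Added example: sanity-check the certificate and private key that
# $SPLUNK_HOME/etc/system/local/web.conf points at, before restarting Splunk.
# Assumes the openssl CLI and an unencrypted key (as in the thread).

# Print PEM if the key file carries PEM armor, DER otherwise (binary assumed).
key_encoding() {
  if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
    echo PEM
  else
    echo DER
  fi
}

# Write a PEM copy of the key in $1 to $2, whichever encoding $1 uses.
key_to_pem() {
  openssl pkey -inform "$(key_encoding "$1")" -in "$1" -out "$2"
}

# Succeed only if the certificate's public key equals the one derived
# from the private key. Returns 2 if either file cannot be parsed.
cert_matches_key() {
  cmk_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  cmk_key=$(openssl pkey -inform "$(key_encoding "$2")" -in "$2" -pubout) || return 2
  [ "$cmk_cert" = "$cmk_key" ]
}

# Usage: sh check_splunkweb_tls.sh <cert.pem> <key file>
if [ "$#" -eq 2 ]; then
  echo "key encoding: $(key_encoding "$2")"
  if cert_matches_key "$1" "$2"; then
    echo "certificate and key match"
  else
    echo "certificate and key do NOT match (or could not be parsed)" >&2
    exit 1
  fi
fi
```

A mismatch or a parse error here points at the files themselves rather than at Splunk or the browser.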
