Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Security
- :
- Self-signed certificate without warnings?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Self-signed certificate without warnings?
Has anybody figured out how to use a self-signed certificate without getting a warning that it's invalid?
I can access Splunk anyway and it does in fact use my certificate, but for the long haul I would want there to be no annoying warnings.
I followed these instructions exactly:
https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/Self-signcertificatesforSplunkWeb
https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/SecureSplunkWebusingasignedcertificate
I imported the myCACertificate.pem into Chrome by the way.
It's also a testing environment with no live feeds.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As a workaround, Firefox accepts the certificate with a green lock icon.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Chrome is telling me the certificate is invalid because it doesn't specify Subject Alternative Names.
I tried following instructions from these two links:
https://answers.splunk.com/answers/476596/how-to-generate-csr-files-with-subjectaltnames-san.html
https://www.hurricanelabs.com/splunk-tutorials/splunk-certificates-master-guide
Basically, editing the file $SPLUNK_HOME/openssl/openssl.cnf to uncomment the line "req_extensions = v3_req" and included this under the stanza [v3_req]: subjectAltName=DNS:splunk.a.b.c.d, DNS:splunk, IP:127.0.0.1
Obviously, a.b.c.d is replaced with the real domain. For info, I access splunk web using the internal URL https://splunk:8000
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you ever manage to add SAN into the pem? I have it in the csr, but not in the final pem.
I assume it should be seen from the myCACertificate.pem file after this? Looks like it is not.
/opt/splunk/bin/splunk cmd openssl x509 -req -in myCACertificate.csr -sha256 -signkey myCAPrivateKey.key -CAcreateserial -out myCACertificate.pem -days 3650
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas
What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)
Automating Threat Operations and Threat Hunting with Recorded Future
