Has anybody figured out how to use a self-signed certificate without getting a warning that it's invalid?
I can access Splunk anyway and it does in fact use my certificate, but for the long haul I would want there to be no annoying warnings.
I followed these instructions exactly:
I imported the myCACertificate.pem into Chrome by the way.
It's also a testing environment with no live feeds.
As a workaround, Firefox accepts the certificate with a green lock icon.
Chrome is telling me the certificate is invalid because it doesn't specify Subject Alternative Names.
I tried following instructions from these two links:
Basically, editing the file $SPLUNK_HOME/openssl/openssl.cnf to uncomment the line "req_extensions = v3_req" and included this under the stanza [v3_req]: subjectAltName=DNS:splunk.a.b.c.d, DNS:splunk, IP:127.0.0.1
Obviously, a.b.c.d is replaced with the real domain. For info, I access splunk web using the internal URL https://splunk:8000
Did you ever manage to add SAN into the pem? I have it in the csr, but not in the final pem.
I assume it should be seen from the myCACertificate.pem file after this? Looks like it is not.
/opt/splunk/bin/splunk cmd openssl x509 -req -in myCACertificate.csr -sha256 -signkey myCAPrivateKey.key -CAcreateserial -out myCACertificate.pem -days 3650