Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Self-signed certificate without warnings?

splunklearner12
Path Finder
‎08-01-2019 06:33 AM

Has anybody figured out how to use a self-signed certificate without getting a warning that it's invalid?
I can access Splunk anyway and it does in fact use my certificate, but for the long haul I would want there to be no annoying warnings.
I followed these instructions exactly:
https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/Self-signcertificatesforSplunkWeb
https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/SecureSplunkWebusingasignedcertificate
I imported the myCACertificate.pem into Chrome by the way.
It's also a testing environment with no live feeds.

0 Karma
Reply

splunklearner12
Path Finder
‎08-07-2019 08:13 AM

As a workaround, Firefox accepts the certificate with a green lock icon.

0 Karma
Reply

splunklearner12
Path Finder
‎08-07-2019 07:49 AM

Chrome is telling me the certificate is invalid because it doesn't specify Subject Alternative Names.
I tried following instructions from these two links:
https://answers.splunk.com/answers/476596/how-to-generate-csr-files-with-subjectaltnames-san.html
https://www.hurricanelabs.com/splunk-tutorials/splunk-certificates-master-guide
Basically, editing the file $SPLUNK_HOME/openssl/openssl.cnf to uncomment the line "req_extensions = v3_req" and included this under the stanza [v3_req]: subjectAltName=DNS:splunk.a.b.c.d, DNS:splunk, IP:127.0.0.1
Obviously, a.b.c.d is replaced with the real domain. For info, I access splunk web using the internal URL https://splunk:8000

0 Karma
Reply

JykkeDaMan
Path Finder
‎09-30-2019 09:50 AM

Did you ever manage to add SAN into the pem? I have it in the csr, but not in the final pem.
I assume it should be seen from the myCACertificate.pem file after this? Looks like it is not.

/opt/splunk/bin/splunk cmd openssl x509 -req -in myCACertificate.csr -sha256 -signkey myCAPrivateKey.key -CAcreateserial -out myCACertificate.pem -days 3650

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...