Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Setting up third-party wildcard certs with Splunk

maverick
Splunk Employee
Splunk Employee
‎07-06-2011 06:25 AM

My understanding on the knowledge base article located here...

http://www.splunk.com/base/Documentation/latest/Admin/SecureaccesstoyourSplunkserverwithSSL

...is that I can take an existing .pem file I have using my third-party wildcard cert and then do this...


mkdir /opt/splunk/share/splunk/certs
cp /etc/tmp/certs/_.thirdpartywildcard_cert.com /opt/splunk/share/splunk/certs/privkey.pem
cp /etc/pki/tls/cert.pem /opt/splunk/share/splunk/certs/cert.pem

vi /opt/splunk/etc/system/local/web.conf

diff /opt/splunk/etc/system/local/web.conf /opt/splunk/etc/system/local/web.conf.20110701
3,4d2
< privKeyPath = /certs/privkey.pem
< caCertPath = /certs/cert.pem
[root@aaa ~]#

2011-07-05 11:54:42,244 INFO [4e1341d1f6b6453d0] root:243 - Enabling SSL
2011-07-05 11:54:42,244 ERROR [4e1341d1f6b6453d0] root:493 - Unable to start splunkweb
2011-07-05 11:54:42,244 ERROR [4e1341d1f6b6453d0] root:494 - /certs/privkey.pem Not Found
Traceback (most recent call last):
File "/opt/splunk/lib/python2.6/site-packages/splunk/appserver/mrsparkle/root.py", line 489, in
run(blocking=True)
File "/opt/splunk/lib/python2.6/site-packages/splunk/appserver/mrsparkle/root.py", line 258, in run
raise ValueError("%s Not Found" % global_cfg['server.ssl_private_key'])
ValueError: /certs/privkey.pem Not Found

A simple question is where is "/", since I had to create
/opt/splunk/share/splunk/certs

I think the kb article may be incorrect about where to put the pem file.

What I really want to do is put a link to the place where I normally install the .pem

Any done this yet and got it to work?

Also, where does SPLUNK web chroot to?

0 Karma
Reply

MuS
Legend
‎07-06-2011 06:33 AM

Hi maverick

just had to setup SSL last friday so I remember that the paths for "privKeyPath" and "caCertPath" are relative to $SPLUNK_HOME/share/splunk. Strange is that you had to create the certs directory, mine was existing in 4.1.8.

btw here is a great wiki about this topic

no info about the chroot, sorry.

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...