Setting up third-party wildcard certs with Splunk

Splunk Employee
Splunk Employee

My understanding on the knowledge base article located here... that I can take an existing .pem file I have using my third-party wildcard cert and then do this...

mkdir /opt/splunk/share/splunk/certs
cp /etc/tmp/certs/ /opt/splunk/share/splunk/certs/privkey.pem
cp /etc/pki/tls/cert.pem /opt/splunk/share/splunk/certs/cert.pem

vi /opt/splunk/etc/system/local/web.conf

diff /opt/splunk/etc/system/local/web.conf /opt/splunk/etc/system/local/web.conf.20110701
< privKeyPath = /certs/privkey.pem
< caCertPath = /certs/cert.pem
[root@aaa ~]#

2011-07-05 11:54:42,244 INFO [4e1341d1f6b6453d0] root:243 - Enabling SSL
2011-07-05 11:54:42,244 ERROR [4e1341d1f6b6453d0] root:493 - Unable to start splunkweb
2011-07-05 11:54:42,244 ERROR [4e1341d1f6b6453d0] root:494 - /certs/privkey.pem Not Found
Traceback (most recent call last):
File "/opt/splunk/lib/python2.6/site-packages/splunk/appserver/mrsparkle/", line 489, in
File "/opt/splunk/lib/python2.6/site-packages/splunk/appserver/mrsparkle/", line 258, in run
raise ValueError("%s Not Found" % globalcfg['server.sslprivate_key'])
ValueError: /certs/privkey.pem Not Found

A simple question is where is "/", since I had to create

I think the kb article may be incorrect about where to put the pem file.

What I really want to do is put a link to the place where I normally install the .pem

Any done this yet and got it to work?

Also, where does SPLUNK web chroot to?

0 Karma


Hi maverick

just had to setup SSL last friday so I remember that the paths for "privKeyPath" and "caCertPath" are relative to $SPLUNK_HOME/share/splunk. Strange is that you had to create the certs directory, mine was existing in 4.1.8.

btw here is a great wiki about this topic

no info about the chroot, sorry.