Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Security
- :
- Splunk Web Third party certificate is not working
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
1) I created private key SDWSearch.key
2) Removed password is removed from key
3) Generated SDWSearch csr
4) Uploaded on Symantec portal for certificate
5) Received server certificate .p7b format and root certificate in pem format
6) Extract server certificate file from .p7b using
openssl pkcs7 -print_certs -in certificate.p7b -out SDWSearch.cer
7) Concatenated all files into SDWSearch.pem
SDWSearch.cer SDWSearch.Key CA.pem > SDWSearch.pem
😎 Tested certificate using SDWSearch.pem and SDWSearch.Key
openssl x509 -in SDWSearch.key -text
openssl x509 -in SDWSearch.pem -text
9) Configured splunk web.conf, restarted splunk service
10) Tried to access splunk server from Firefox.
Error from browser:
Secure Connection Failed
The connection to server1.abc.com was interrupted while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
11) No clue from webservice.log file. Seems splunk is listening on 443, not sure why I am not able to connect.
2015-09-28 20:31:02,143 INFO [5609a384ce25ef510] root:597 - CONFIG: x_frame_options_sameorigin (bool): True
2015-09-28 20:31:02,144 INFO [5609a384ce25ef510] root:632 - DJANGO: configuring...
2015-09-28 20:31:02,262 INFO [5609a384ce25ef510] root:674 - DJANGO: not starting, found no apps
2015-09-28 20:31:02,263 INFO [5609a384ce25ef510] root:138 - ENGINE: Bus STARTING
2015-09-28 20:31:02,275 INFO [5609a384ce25ef510] root:138 - ENGINE: Started monitor thread '_TimeoutMonitor'.
2015-09-28 20:31:02,483 INFO [5609a384ce25ef510] root:138 - ENGINE: Serving on 0.0.0.0:443
2015-09-28 20:31:02,483 INFO [5609a384ce25ef510] root:138 - ENGINE: Bus STARTED
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
1) I copied p7b file sent by Symantec to windows machine and followed process given in link below to extract file SDWSearch.cer in pem format.
http://support.citrix.com/article/CTX124783
2) Then instead on concatenating files as directed by splunk , i used file extracted from step above as cacert file
privKeyPath = etc/auth/certs/SDWSearch.key
caCertPath = etc/auth/certs/SDWSearch.cer
This solution worked for me. It seems cer file extracted from p7b has all details in it and not need of concatenate files to create pem.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
1) I copied p7b file sent by Symantec to windows machine and followed process given in link below to extract file SDWSearch.cer in pem format.
http://support.citrix.com/article/CTX124783
2) Then instead on concatenating files as directed by splunk , i used file extracted from step above as cacert file
privKeyPath = etc/auth/certs/SDWSearch.key
caCertPath = etc/auth/certs/SDWSearch.cer
This solution worked for me. It seems cer file extracted from p7b has all details in it and not need of concatenate files to create pem.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When you generated the CSR, did you follow the Wiki? https://wiki.splunk.com/Community:SplunkWeb_SSL_3rdPartyCA
What options did you use when generating it?
.conf25 Global Broadcast: Don’t Miss a Moment
Observe and Secure All Apps with Splunk
What's New in Splunk Observability - August 2025
