Security

Splunk Web Third party certificate is not working

shaileshmali
Path Finder

1) I created private key SDWSearch.key

2) Removed password is removed from key

3) Generated SDWSearch csr

4) Uploaded on Symantec portal for certificate

5) Received server certificate .p7b format and root certificate in pem format

6) Extract server certificate file from .p7b using
openssl pkcs7 -print_certs -in certificate.p7b -out SDWSearch.cer

7) Concatenated all files into SDWSearch.pem
SDWSearch.cer SDWSearch.Key CA.pem > SDWSearch.pem

😎 Tested certificate using SDWSearch.pem and SDWSearch.Key
openssl x509 -in SDWSearch.key -text
openssl x509 -in SDWSearch.pem -text

9) Configured splunk web.conf, restarted splunk service

10) Tried to access splunk server from Firefox.

Error from browser:

Secure Connection Failed

The connection to server1.abc.com was interrupted while the page was loading.

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

11) No clue from webservice.log file. Seems splunk is listening on 443, not sure why I am not able to connect.

2015-09-28 20:31:02,143 INFO    [5609a384ce25ef510] root:597 - CONFIG: x_frame_options_sameorigin (bool): True
2015-09-28 20:31:02,144 INFO    [5609a384ce25ef510] root:632 - DJANGO: configuring...
2015-09-28 20:31:02,262 INFO    [5609a384ce25ef510] root:674 - DJANGO: not starting, found no apps
2015-09-28 20:31:02,263 INFO    [5609a384ce25ef510] root:138 - ENGINE: Bus STARTING
2015-09-28 20:31:02,275 INFO    [5609a384ce25ef510] root:138 - ENGINE: Started monitor thread '_TimeoutMonitor'.
2015-09-28 20:31:02,483 INFO    [5609a384ce25ef510] root:138 - ENGINE: Serving on 0.0.0.0:443
2015-09-28 20:31:02,483 INFO    [5609a384ce25ef510] root:138 - ENGINE: Bus STARTED
0 Karma
1 Solution

shaileshmali
Path Finder

1) I copied p7b file sent by Symantec to windows machine and followed process given in link below to extract file SDWSearch.cer in pem format.
http://support.citrix.com/article/CTX124783

2) Then instead on concatenating files as directed by splunk , i used file extracted from step above as cacert file
privKeyPath = etc/auth/certs/SDWSearch.key
caCertPath = etc/auth/certs/SDWSearch.cer

This solution worked for me. It seems cer file extracted from p7b has all details in it and not need of concatenate files to create pem.

View solution in original post

shaileshmali
Path Finder

1) I copied p7b file sent by Symantec to windows machine and followed process given in link below to extract file SDWSearch.cer in pem format.
http://support.citrix.com/article/CTX124783

2) Then instead on concatenating files as directed by splunk , i used file extracted from step above as cacert file
privKeyPath = etc/auth/certs/SDWSearch.key
caCertPath = etc/auth/certs/SDWSearch.cer

This solution worked for me. It seems cer file extracted from p7b has all details in it and not need of concatenate files to create pem.

masonmorales
Influencer

When you generated the CSR, did you follow the Wiki? https://wiki.splunk.com/Community:SplunkWeb_SSL_3rdPartyCA
What options did you use when generating it?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...