Security

Splunk Web not accessible via https

abhijitnath89ax
Loves-to-Learn

We had provided created certificates and provided all information in web.conf
[settings]
enableSplunkWebSSL = 1
privKeyPath = /opt/splunk/etc/auth/mycerts/CertAwsDev/private.key
serverCert = /opt/splunk/etc/auth/mycerts/CertAwsDev/Cert.pem
httpport = 443

But we are not getting the 443v port established in the server
netstat -aen | grep 443

For this reason it is coming unhealthy (502) in AWS target groups

Labels (1)
0 Karma

abhijitnath89ax
Loves-to-Learn

Below is the output of netstat command

netstat -aen | grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 9944802
tcp 0 0 10.x.x.101:37272 54.x.x.173:443 ESTABLISHED 0 10220872
tcp 0 0 10.x.x.101:59914 54.x.x.213:443 TIME_WAIT 0 0
tcp 0 0 10.x.x.101:46116 52.x.x.97:443 ESTABLISHED 0 10220742

0 Karma

harsmarvania57
Ultra Champion

Based on output provided by you, your server is listening on port 443 but AWS LB is getting 502 Bad gateway in health check. As I don't have more knowledge on AWS side, I can't help much more but if you are using self signed certificate on splunk server then you might need to add root certificate on AWS LB.

0 Karma

harsmarvania57
Ultra Champion

Are you running splunk with root user ? On Linux only root can use port < 1024.

0 Karma

abhijitnath89ax
Loves-to-Learn

I am running splunk with root user

0 Karma

harsmarvania57
Ultra Champion

Please provide output of ss -nltp | grep 443

0 Karma

abhijitnath89ax
Loves-to-Learn

LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("splunkd",pid=20841,fd=112))

0 Karma

PavelP
Motivator

Does the splunkd process listen on port 443? You haven't provided the output of netstat command.

If splunkd is listening on the port then check firewall (network and local).

Let me know how it went

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...