Security

Splunkweb Self-Signed SSL certificates not working with Chrome

responsys_cm
Builder

I followed this guide for setting up self-signed certs with Splunk:

https://docs.splunk.com/Documentation/Splunk/7.0.1/Security/Howtoself-signcertificates

I used the steps above for creating the CA certs. For getting Splunk web certs, I followed this guide (the one above is missing step to remove the password from the server private key):

http://docs.splunk.com/Documentation/Splunk/7.0.1/Security/Self-signcertificatesforSplunkWeb

Firefox connects just fine. Chrome gives me the following:

NET::ERR_CERT_INVALID
index01 normally uses encryption to protect your information. When Google Chrome tried to connect to index01 this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be index01, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.

You cannot visit index01 right now because the website sent scrambled credentials that Google Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.

I looked around here and found an answer that pointed to this link about how to export the certificate from Firefox and then import it into Chrome:

https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certifica...

I'm still getting this error. Any ideas what might be the problem?

Here are the exact commands I ran:

$SPLUNK_HOME/bin/splunk cmd openssl genrsa -aes256 -out myCAPrivateKey.key 2048

$SPLUNK_HOME/bin/splunk cmd openssl req -new -key myCAPrivateKey.key -out myCACertificate.csr

$SPLUNK_HOME/bin/splunk cmd openssl x509 -req -in myCACertificate.csr -sha512 -signkey myCAPrivateKey.key -CAcreateserial -out myCACertificate.pem -days 1095

$SPLUNK_HOME/bin/splunk cmd openssl genrsa -aes256 -out index01.key 2048

$SPLUNK_HOME/bin/splunk cmd openssl req -new -key index01.key -out index01.csr

$SPLUNK_HOME/bin/splunk cmd openssl x509 -req -in index01.csr -SHA256 -CA myCACertificate.pem -CAkey myCAPrivateKey.key -CAcreateserial -out index01.pem -days 1095

cat index01.pem index01.key myCACertificate.pem > index01_cert.pem

Remove password from key:

$SPLUNK_HOME/bin/splunk cmd openssl rsa -in index01.key -out index01_nopass.key

$SPLUNK_HOME/bin/splunk cmd openssl req -new -key index01_nopass.key -out index01_web.csr

$SPLUNK_HOME/bin/splunk cmd openssl x509 -req -in index01_web.csr -CA myCACertificate.pem -CAkey myCAPrivateKey.key -CAcreateserial -out index01_web.pem -days 1095

cat index01_web.pem myCACertificate.pem > index01_ssl.pem

Labels (1)

rsolutions
Path Finder

click anywhere on the screen and type:

thisisunsafe

It will let continue to the page.

bgreske
New Member

Same issue here.

0 Karma

jmajumdar
Explorer

I have the same issues

0 Karma

gsngames
New Member

We have the same issue. Any updates?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...