Security

Splunkweb Self-Signed SSL certificates not working with Chrome

responsys_cm
Builder

I followed this guide for setting up self-signed certs with Splunk:

https://docs.splunk.com/Documentation/Splunk/7.0.1/Security/Howtoself-signcertificates

I used the steps above for creating the CA certs. For getting Splunk web certs, I followed this guide (the one above is missing step to remove the password from the server private key):

http://docs.splunk.com/Documentation/Splunk/7.0.1/Security/Self-signcertificatesforSplunkWeb

Firefox connects just fine. Chrome gives me the following:

NET::ERR_CERT_INVALID
index01 normally uses encryption to protect your information. When Google Chrome tried to connect to index01 this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be index01, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.

You cannot visit index01 right now because the website sent scrambled credentials that Google Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.

I looked around here and found an answer that pointed to this link about how to export the certificate from Firefox and then import it into Chrome:

https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certifica...

I'm still getting this error. Any ideas what might be the problem?

Here are the exact commands I ran:

$SPLUNK_HOME/bin/splunk cmd openssl genrsa -aes256 -out myCAPrivateKey.key 2048

$SPLUNK_HOME/bin/splunk cmd openssl req -new -key myCAPrivateKey.key -out myCACertificate.csr

$SPLUNK_HOME/bin/splunk cmd openssl x509 -req -in myCACertificate.csr -sha512 -signkey myCAPrivateKey.key -CAcreateserial -out myCACertificate.pem -days 1095

$SPLUNK_HOME/bin/splunk cmd openssl genrsa -aes256 -out index01.key 2048

$SPLUNK_HOME/bin/splunk cmd openssl req -new -key index01.key -out index01.csr

$SPLUNK_HOME/bin/splunk cmd openssl x509 -req -in index01.csr -SHA256 -CA myCACertificate.pem -CAkey myCAPrivateKey.key -CAcreateserial -out index01.pem -days 1095

cat index01.pem index01.key myCACertificate.pem > index01_cert.pem

Remove password from key:

$SPLUNK_HOME/bin/splunk cmd openssl rsa -in index01.key -out index01_nopass.key

$SPLUNK_HOME/bin/splunk cmd openssl req -new -key index01_nopass.key -out index01_web.csr

$SPLUNK_HOME/bin/splunk cmd openssl x509 -req -in index01_web.csr -CA myCACertificate.pem -CAkey myCAPrivateKey.key -CAcreateserial -out index01_web.pem -days 1095

cat index01_web.pem myCACertificate.pem > index01_ssl.pem

Labels (1)

rsolutions
Path Finder

click anywhere on the screen and type:

thisisunsafe

It will let continue to the page.

bgreske
New Member

Same issue here.

0 Karma

jmajumdar
Explorer

I have the same issues

0 Karma

gsngames
New Member

We have the same issue. Any updates?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...