Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Unable to ssl secure Splunk web running on EC2 using ELB

sushainmagotra
Loves-to-Learn Lots
‎10-15-2020 03:05 AM

Hi all,

So, we have a Splunk Enterprise running on an ec2 instance and we want to ssl secure the splunk web url.
So for this we first got a name domain (eg."name.domain.com" ) from aws route53 and then got an aws  ssl certificate for this domain. 
Next, we created a load balancer with  a target group(target-1) HTTP at port 80 to the ec2 instance. And a second target group(target-2) HTTPS at port 443  to the same ec2 instance but without the load balancer.
Then, we have two listeners to the load balancer:

1. HTTPS 443 listener with the aws ssl certificate that we got from aws. This listener is forwarding to the  target group target-1

2. HTTP  8000 listener . This listener is redirecting to HTTPS://#{host}:443/#{path}?#{query}.

Then on my ec2 instance I have an apache httpd server. And I made the following changes in the  apache and splunk config files:

 

/etc/httpd/conf/httpd.conf 

Listen 80
<VirtualHost *:80>
ServerName name.domain.com
Redirect permanent / https://name.domain.com/
</VirtualHost>

/etc/httpd/conf.d/ssl.conf 

LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
ServerName name.domain.com
ProxyPass / https://127.0.0.1:8000/
ProxyPassReverse / https://127.0.0.1:8000/
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/name.domain.crt
SSLCertificateKeyFile /etc/httpd/ssl/name.domain.key
SSLProxyEngine on
SSLProxyVerify none
</VirtualHost>

/opt/splunk/etc/system/local/web.conf

[settings]
enableSplunkWebSSL = 1
privKeyPath = /etc/httpd/ssl/name.domain.key
caCertPath = /etc/httpd/ssl/name.domain.crt

With these changes and modifications , when I type url  "https://name.domain.com" on the web browser it opens the apache test page and the page is secured 🙂 . But when I type https://name.domain.com:8000 to open splunk web, it shows in browser " This site cant provide a secure connection". 😞 

I think the problem is that, in the apache config files it cannot locate the SSLCertificateFile as I just provided the domain.name.crt there thinking it will somehow get the ssl crt and key files from the browser but it doesnt. Maybe , I have to put manually the ssl files in the specified locations. But, for aws created ssl certificates there is no way to export the .crt and .key files for ssl. So, what do I use for the fields SSLCertificateFile and SSLCertificatekey in the apache config files???? Please help????

Labels (5)
Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...