Security

Unable to ssl secure Splunk web running on EC2 using ELB

sushainmagotra
Loves-to-Learn Lots

Hi all,

So, we have a Splunk Enterprise running on an ec2 instance and we want to ssl secure the splunk web url.
So for this we first got a name domain (eg."name.domain.com" ) from aws route53 and then got an aws  ssl certificate for this domain. 
Next, we created a load balancer with  a target group(target-1) HTTP at port 80 to the ec2 instance. And a second target group(target-2) HTTPS at port 443  to the same ec2 instance but without the load balancer.
Then, we have two listeners to the load balancer:

1. HTTPS 443 listener with the aws ssl certificate that we got from aws. This listener is forwarding to the  target group target-1

2. HTTP  8000 listener . This listener is redirecting to HTTPS://#{host}:443/#{path}?#{query}.

Then on my ec2 instance I have an apache httpd server. And I made the following changes in the  apache and splunk config files:

 

/etc/httpd/conf/httpd.conf 

Listen 80
<VirtualHost *:80>
ServerName name.domain.com
Redirect permanent / https://name.domain.com/
</VirtualHost>

/etc/httpd/conf.d/ssl.conf 

LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
ServerName name.domain.com
ProxyPass / https://127.0.0.1:8000/
ProxyPassReverse / https://127.0.0.1:8000/
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/name.domain.crt
SSLCertificateKeyFile /etc/httpd/ssl/name.domain.key
SSLProxyEngine on
SSLProxyVerify none
</VirtualHost>

/opt/splunk/etc/system/local/web.conf

[settings]
enableSplunkWebSSL = 1
privKeyPath = /etc/httpd/ssl/name.domain.key
caCertPath = /etc/httpd/ssl/name.domain.crt

With these changes and modifications , when I type url  "https://name.domain.com" on the web browser it opens the apache test page and the page is secured 🙂 . But when I type https://name.domain.com:8000 to open splunk web, it shows in browser " This site cant provide a secure connection". 😞 

I think the problem is that, in the apache config files it cannot locate the SSLCertificateFile as I just provided the domain.name.crt there thinking it will somehow get the ssl crt and key files from the browser but it doesnt. Maybe , I have to put manually the ssl files in the specified locations. But, for aws created ssl certificates there is no way to export the .crt and .key files for ssl. So, what do I use for the fields SSLCertificateFile and SSLCertificatekey in the apache config files???? Please help????

Labels (5)
Tags (1)
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...