Security

Unable to ssl secure Splunk web running on EC2 using ELB

sushainmagotra
Loves-to-Learn Lots

Hi all,

So, we have a Splunk Enterprise running on an ec2 instance and we want to ssl secure the splunk web url.
So for this we first got a name domain (eg."name.domain.com" ) from aws route53 and then got an aws  ssl certificate for this domain. 
Next, we created a load balancer with  a target group(target-1) HTTP at port 80 to the ec2 instance. And a second target group(target-2) HTTPS at port 443  to the same ec2 instance but without the load balancer.
Then, we have two listeners to the load balancer:

1. HTTPS 443 listener with the aws ssl certificate that we got from aws. This listener is forwarding to the  target group target-1

2. HTTP  8000 listener . This listener is redirecting to HTTPS://#{host}:443/#{path}?#{query}.

Then on my ec2 instance I have an apache httpd server. And I made the following changes in the  apache and splunk config files:

 

/etc/httpd/conf/httpd.conf 

Listen 80
<VirtualHost *:80>
ServerName name.domain.com
Redirect permanent / https://name.domain.com/
</VirtualHost>

/etc/httpd/conf.d/ssl.conf 

LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
ServerName name.domain.com
ProxyPass / https://127.0.0.1:8000/
ProxyPassReverse / https://127.0.0.1:8000/
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/name.domain.crt
SSLCertificateKeyFile /etc/httpd/ssl/name.domain.key
SSLProxyEngine on
SSLProxyVerify none
</VirtualHost>

/opt/splunk/etc/system/local/web.conf

[settings]
enableSplunkWebSSL = 1
privKeyPath = /etc/httpd/ssl/name.domain.key
caCertPath = /etc/httpd/ssl/name.domain.crt

With these changes and modifications , when I type url  "https://name.domain.com" on the web browser it opens the apache test page and the page is secured 🙂 . But when I type https://name.domain.com:8000 to open splunk web, it shows in browser " This site cant provide a secure connection". 😞 

I think the problem is that, in the apache config files it cannot locate the SSLCertificateFile as I just provided the domain.name.crt there thinking it will somehow get the ssl crt and key files from the browser but it doesnt. Maybe , I have to put manually the ssl files in the specified locations. But, for aws created ssl certificates there is no way to export the .crt and .key files for ssl. So, what do I use for the fields SSLCertificateFile and SSLCertificatekey in the apache config files???? Please help????

Labels (5)
Tags (1)
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...