Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Unable to ssl secure Splunk web running on EC2 using ELB

sushainmagotra
Loves-to-Learn Lots
‎10-15-2020 03:05 AM

Hi all,

So, we have a Splunk Enterprise running on an ec2 instance and we want to ssl secure the splunk web url.
So for this we first got a name domain (eg."name.domain.com" ) from aws route53 and then got an aws  ssl certificate for this domain. 
Next, we created a load balancer with  a target group(target-1) HTTP at port 80 to the ec2 instance. And a second target group(target-2) HTTPS at port 443  to the same ec2 instance but without the load balancer.
Then, we have two listeners to the load balancer:

1. HTTPS 443 listener with the aws ssl certificate that we got from aws. This listener is forwarding to the  target group target-1

2. HTTP  8000 listener . This listener is redirecting to HTTPS://#{host}:443/#{path}?#{query}.

Then on my ec2 instance I have an apache httpd server. And I made the following changes in the  apache and splunk config files:

 

/etc/httpd/conf/httpd.conf 

Listen 80
<VirtualHost *:80>
ServerName name.domain.com
Redirect permanent / https://name.domain.com/
</VirtualHost>

/etc/httpd/conf.d/ssl.conf 

LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
ServerName name.domain.com
ProxyPass / https://127.0.0.1:8000/
ProxyPassReverse / https://127.0.0.1:8000/
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/name.domain.crt
SSLCertificateKeyFile /etc/httpd/ssl/name.domain.key
SSLProxyEngine on
SSLProxyVerify none
</VirtualHost>

/opt/splunk/etc/system/local/web.conf

[settings]
enableSplunkWebSSL = 1
privKeyPath = /etc/httpd/ssl/name.domain.key
caCertPath = /etc/httpd/ssl/name.domain.crt

With these changes and modifications , when I type url  "https://name.domain.com" on the web browser it opens the apache test page and the page is secured 🙂 . But when I type https://name.domain.com:8000 to open splunk web, it shows in browser " This site cant provide a secure connection". 😞 

I think the problem is that, in the apache config files it cannot locate the SSLCertificateFile as I just provided the domain.name.crt there thinking it will somehow get the ssl crt and key files from the browser but it doesnt. Maybe , I have to put manually the ssl files in the specified locations. But, for aws created ssl certificates there is no way to export the .crt and .key files for ssl. So, what do I use for the fields SSLCertificateFile and SSLCertificatekey in the apache config files???? Please help????

Labels (4)
Tags (1)
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...