Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Unable to ssl secure Splunk web running on EC2 using ELB

sushainmagotra
Loves-to-Learn Lots
‎10-15-2020 03:05 AM

Hi all,

So, we have a Splunk Enterprise running on an ec2 instance and we want to ssl secure the splunk web url.
So for this we first got a name domain (eg."name.domain.com" ) from aws route53 and then got an aws  ssl certificate for this domain. 
Next, we created a load balancer with  a target group(target-1) HTTP at port 80 to the ec2 instance. And a second target group(target-2) HTTPS at port 443  to the same ec2 instance but without the load balancer.
Then, we have two listeners to the load balancer:

1. HTTPS 443 listener with the aws ssl certificate that we got from aws. This listener is forwarding to the  target group target-1

2. HTTP  8000 listener . This listener is redirecting to HTTPS://#{host}:443/#{path}?#{query}.

Then on my ec2 instance I have an apache httpd server. And I made the following changes in the  apache and splunk config files:

 

/etc/httpd/conf/httpd.conf 

Listen 80
<VirtualHost *:80>
ServerName name.domain.com
Redirect permanent / https://name.domain.com/
</VirtualHost>

/etc/httpd/conf.d/ssl.conf 

LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
ServerName name.domain.com
ProxyPass / https://127.0.0.1:8000/
ProxyPassReverse / https://127.0.0.1:8000/
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/name.domain.crt
SSLCertificateKeyFile /etc/httpd/ssl/name.domain.key
SSLProxyEngine on
SSLProxyVerify none
</VirtualHost>

/opt/splunk/etc/system/local/web.conf

[settings]
enableSplunkWebSSL = 1
privKeyPath = /etc/httpd/ssl/name.domain.key
caCertPath = /etc/httpd/ssl/name.domain.crt

With these changes and modifications , when I type url  "https://name.domain.com" on the web browser it opens the apache test page and the page is secured 🙂 . But when I type https://name.domain.com:8000 to open splunk web, it shows in browser " This site cant provide a secure connection". 😞 

I think the problem is that, in the apache config files it cannot locate the SSLCertificateFile as I just provided the domain.name.crt there thinking it will somehow get the ssl crt and key files from the browser but it doesnt. Maybe , I have to put manually the ssl files in the specified locations. But, for aws created ssl certificates there is no way to export the .crt and .key files for ssl. So, what do I use for the fields SSLCertificateFile and SSLCertificatekey in the apache config files???? Please help????

Labels (4)
Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...