Certificate enrollment differs slightly between Windows and *nix systems. To get our Windows Splunk Web search heads running correctly over SSL with internally assigned certificates issued by our Windows certificate authority, we use the sequence documented in the following script.
You need to edit the disk and path to your Splunk install.
You need to edit the URL to your certificate authority (or rem it out and go there manually).
Paste the following into a .bat file:
@Echo This script is only used to generate a new private key, key, csr etc for splunkweb
@Echo run interactively from an administrative command prompt
@Echo make sure to set splunkdisk and splunkpath using notepad first!
@Echo Ctrl C to kill -- or resume.
@Pause
rem Edit these two lines to match your install; the values shown are the default install location.
set splunkdisk=C:
set splunkpath=%splunkdisk%\Program Files\Splunk
rem The key, CSR and signed certificate are staged in bin\certs.
if not exist "%splunkpath%\bin\certs" mkdir "%splunkpath%\bin\certs"
rem Generate a 2048-bit RSA key (openssl prompts for a pass phrase), then strip the pass phrase in place.
"%splunkpath%\bin\openssl.exe" genrsa -des3 -out "%splunkpath%\bin\certs\%computername%webpriv.key" 2048
"%splunkpath%\bin\openssl.exe" rsa -in "%splunkpath%\bin\certs\%computername%webpriv.key" -out "%splunkpath%\bin\certs\%computername%webpriv.key"
rem The key file is now stored without a pass phrase; the next command prints it to the console.
"%splunkpath%\bin\openssl.exe" rsa -in "%splunkpath%\bin\certs\%computername%webpriv.key" -text
@Echo if you can read the above private key, the creation and export worked.
"%splunkpath%\bin\openssl.exe" req -new -key "%splunkpath%\bin\certs\%computername%webpriv.key" -out "%splunkpath%\bin\certs\%computername%webkey.csr"
rem Placeholder: put your certificate authority URL here and remove the rem, or browse there manually.
rem start http://YOUR-CA-URL-HERE
@Echo Please Sign the .csr using the web server template and copy the issued certificate from a windows CA in base 64 format down to this folder to continue.
@Echo NOTE: When you download the certificate it will have an extension of .crt; which is the same file type as PEM and can simply be renamed
@Echo If the server is in the same trusted domain as the issuing CA, the chain does not need to be downloaded as a p7b file; however if it is NOT
@Echo the certificates need to be appended as the article below indicates manually; the ca public key needs to be found separately because the
@Echo openssl convert utility does not preserve the entire chain.
@ECHO *** DO NOT CONTINUE UNTIL YOU HAVE A VALID PEM FILE NAMED %computername%web.pem ******
@Echo the commands to follow will confirm you can read the newly signed and issued certificate
@Pause
"%splunkpath%\bin\openssl.exe" x509 -in "%splunkpath%\bin\certs\%computername%web.pem"
@Echo if this printed to the screen in full you may continue; else restart the process
@Pause
rem del "%splunkpath%\etc\auth\splunkweb\*.old"
rem rename takes a bare file name, not a path, as its second argument
rename "%splunkpath%\etc\auth\splunkweb\cert.pem" cert.pem.old
rename "%splunkpath%\etc\auth\splunkweb\privkey.pem" privkey.pem.old
rem if you don't do this rename you need to edit web.conf to reflect the new file locations which is a PITA
copy "%splunkpath%\bin\certs\%computername%web.pem" "%splunkpath%\etc\auth\splunkweb\cert.pem"
copy "%splunkpath%\bin\certs\%computername%webpriv.key" "%splunkpath%\etc\auth\splunkweb\privkey.pem"
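
A check worth running after the "DO NOT CONTINUE" pause and before the rename and copy steps of the script above, as an added example that is not part of the original script: it confirms the signed certificate was actually issued for the key the script generated, by comparing the RSA modulus of each. The fallback install path and the scratch file names are assumptions.

```batch
@echo off
rem Added example, not part of the original script.
setlocal
rem Assumption: default install path, used only when splunkpath is not already set.
if not defined splunkpath set "splunkpath=C:\Program Files\Splunk"
set "openssl=%splunkpath%\bin\openssl.exe"
set "cert=%splunkpath%\bin\certs\%computername%web.pem"
set "key=%splunkpath%\bin\certs\%computername%webpriv.key"
rem Hypothetical scratch files; a modulus is public data, not key material.
set "certmod=%temp%\splunkweb_cert_modulus.txt"
set "keymod=%temp%\splunkweb_key_modulus.txt"

rem Show subject, issuer and validity so a wrong or expired certificate is obvious.
"%openssl%" x509 -in "%cert%" -noout -subject -issuer -dates
if errorlevel 1 goto badcert

rem An RSA certificate belongs to a key only if both carry the same modulus.
"%openssl%" x509 -in "%cert%" -noout -modulus > "%certmod%"
if errorlevel 1 goto badcert
"%openssl%" rsa -in "%key%" -noout -modulus > "%keymod%"
if errorlevel 1 goto badkey

rem fc sets errorlevel 0 when the two files are identical, 1 when they differ.
fc "%certmod%" "%keymod%" > nul
if errorlevel 1 goto mismatch

echo OK: certificate and private key match. Continue with the rename and copy steps.
set rc=0
goto cleanup

:badcert
echo ERROR: cannot parse "%cert%". Download it from the CA again in base 64 format.
set rc=1
goto cleanup
:badkey
echo ERROR: cannot read "%key%".
set rc=1
goto cleanup
:mismatch
echo ERROR: the certificate was not issued for this private key. Do not install it.
set rc=1

:cleanup
if exist "%certmod%" del "%certmod%"
if exist "%keymod%" del "%keymod%"
endlocal & exit /b %rc%
```

A non-zero exit code means the existing cert.pem and privkey.pem should be left in place.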