Security

What are the defined steps to take to create and use a self-signed certificate on a Windows machine for SSL communication with Splunk Web?

Wiggy
Splunk Employee

I have read the following article:
Generate a CSR

but I would like a more descriptive process on generating the certificate on a Windows machine.

0 Karma

TobiasBoone
Communicator

Certificate enrollment on Windows and *nix systems is slightly different. For the purposes of getting our Windows Splunk Web search heads running correctly over SSL with internally assigned certificates issued from our Windows certificate authority, we use the following sequence, documented in the following script.

You need to edit the disk and path to your Splunk install.
You need to edit the URL to your certificate authority (or rem it out and go there manually).

Append into a .bat file:

@Echo This script is only used to generate a new private key, key, csr etc for splunkweb
@Echo run interactively from an administrative command prompt
@Echo make sure to set splunkdisk and splunkpath using notepad first!
@Echo Ctrl C to kill -- or resume.
@pause

set splunkdisk=e:
set splunkpath=e:\splunk

set OPENSSL_CONF=%splunkpath%\openssl.cnf
md %splunkpath%\bin\certs
%splunkdisk%
cd %splunkpath%\bin\certs

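rem generate a 2048-bit RSA key protected with a passphrase
%splunkpath%\bin\openssl.exe genrsa -des3 -out %computername%webpriv.key 2048
rem rewrite the key without the passphrase (the key on disk is now unencrypted)
%splunkpath%\bin\openssl.exe rsa -in %splunkpath%\bin\certs\%computername%webpriv.key -out %splunkpath%\bin\certs\%computername%webpriv.key
rem this displays the private key material on screen
%splunkpath%\bin\openssl.exe rsa -in %splunkpath%\bin\certs\%computername%webpriv.key -text
@Echo if you can read the above private key, the creation and export worked.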

%splunkpath%\bin\openssl.exe req -new -key %splunkpath%\bin\certs\%computername%webpriv.key -out %splunkpath%\bin\certs\%computername%webkey.csr

notepad %splunkpath%\bin\certs\%computername%webkey.csr
explorer https://certsrv.university.edu/certsrv

@Echo Please Sign the .csr using the web server template and copy the issued certificate from a windows CA in base 64 format down to this folder to continue.
@Echo https://certsrv.university.edu/certsrv
@Echo NOTE: When you download the certificate it will have an extension of .crt; which is the same file type as PEM and can simply be renamed
@Echo If the server is in the same trusted domain as the issuing CA, the chain does not need to be downloaded as a p7b file; however if it is NOT
@Echo the certificates need to be appended as the article below indicates manually; the ca public key needs to be found separately because the
@Echo openssl convert utility does not preserve the entire chain.
@Echo .

@ECHO *** DO NOT CONTINUE UNTIL YOU HAVE A VALID PEM FILE NAMED %computername%web.pem ******
@Echo the commands to follow will confirm you can read the newly signed and issued certificate
@Pause

%splunkpath%\bin\openssl.exe x509 -in %splunkpath%\bin\certs\%computername%web.pem

@Echo if this printed to the screen in full you may continue; else restart the process
@Pause

rem del %splunkpath%\etc\auth\splunkweb*.old
rem rename takes a bare file name, not a path, as its second argument
rename %splunkpath%\etc\auth\splunkweb\cert.pem cert.pem.old
rename %splunkpath%\etc\auth\splunkweb\privkey.pem privkey.pem.old

rem if you don't do this rename you need to edit web.conf to reflect the new file locations which is a PITA
copy %splunkpath%\bin\certs\%computername%web.pem %splunkpath%\etc\auth\splunkweb\cert.pem
copy %splunkpath%\bin\certs\%computername%webpriv.key %splunkpath%\etc\auth\splunkweb\privkey.pem

rem http://wiki.splunk.com/Community:SplunkWeb_SSL_3rdPartyCA
rem http://docs.splunk.com/Documentation/Splunk/latest/admin/SecureAccessToYourSplunkServerWithSSL
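
The script above relies on reading openssl output by eye before the files are copied into etc\auth\splunkweb. The batch file below is an added example, not part of the original post: it checks that the signed certificate parses, that the key no longer carries a passphrase, and that certificate and key share the same RSA modulus. It assumes the same splunkpath and file names as the script above; the temp file names are made up for this example.

```batch
@echo off
rem Added example (not from the original post). Assumes the same splunkpath
rem and file names as the script above; edit splunkpath before running.
setlocal
set splunkpath=e:\splunk
set OPENSSL_CONF=%splunkpath%\openssl.cnf
set openssl=%splunkpath%\bin\openssl.exe
set cert=%splunkpath%\bin\certs\%computername%web.pem
set key=%splunkpath%\bin\certs\%computername%webpriv.key
rem Hypothetical temp file names used only by this check.
set certmod=%TEMP%\%computername%web_cert.mod
set keymod=%TEMP%\%computername%web_key.mod

rem 1. The signed file must parse as a PEM X.509 certificate.
"%openssl%" x509 -in "%cert%" -noout -subject -issuer -enddate
if errorlevel 1 goto :badcert

rem 2. The script removes the passphrase, so the key must not be marked
rem    ENCRYPTED (otherwise openssl would stop and prompt in step 3).
findstr /c:"ENCRYPTED" "%key%" >nul
if not errorlevel 1 goto :enckey

rem 3. For RSA, certificate and key belong together when their moduli are
rem    equal. The modulus is public data, so a temp file is harmless.
"%openssl%" x509 -in "%cert%" -noout -modulus > "%certmod%"
if errorlevel 1 goto :badcert
"%openssl%" rsa -in "%key%" -noout -modulus > "%keymod%"
if errorlevel 1 goto :badkey
fc "%certmod%" "%keymod%" >nul
set rc=%errorlevel%
del "%certmod%" "%keymod%"
if not "%rc%"=="0" goto :mismatch

echo OK: certificate and private key match.
exit /b 0

:badcert
echo FAIL: %cert% is not a readable PEM certificate.
exit /b 1
:enckey
echo FAIL: %key% is still passphrase protected.
exit /b 1
:badkey
echo FAIL: %key% is not a readable RSA private key.
exit /b 1
:mismatch
echo FAIL: certificate was not issued for this private key (modulus differs).
exit /b 1
```

Run it after saving the issued certificate as %computername%web.pem and before the rename and copy steps; a non-zero exit code means the existing cert.pem and privkey.pem should be left in place.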
