- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Installed Splunk 6.5.1 and followed the steps from https://docs.splunk.com/Documentation/Splunk/6.5.2/Security/Howtoself-signcertificates and enabled the Splunk Web SSL. Still facing the issue
Chrome:
"Your connection is not private". while debugging more saw the error: NET::ERR_CERT_AUTHORITY_INVALID from the chrome browser.
IE:
"There is a problem with this website’s security certificate".
Is there any configuration missing? I have followed all the steps and there are no error in internal logs also.
thanks,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You will have ssl warnings from your browser regardless because most of them warn when a self signed certificate is being used, even if you add the ssl certificate to the certificate store. However, you can usually get the browser to stop popping up the warning if you add the certificate to the trusted root store, or another store your browser uses.
Sometimes it depends on what browser you want to use. Take for example this answer on how to get Chrome to trust your self signed certificate:
Another common issue (No pun intended) is when you give your self signed certificate a common name of something like "mysplunkhost.mydomain.com" but then you open the web ui using https://localhost:8000. To get around this issue you typically have to add the following to your hosts file (/etc/hosts, or c:\windows\system32\drivers\etc\hosts):
127.0.0.1 localhost, mysplunkhost.mydomain.com, orWhateverCommonNameYouGaveYourSelfSignedCert
After making this change you may need to restart your browser.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@davesplunk01 - Did one of the answers below help provide a solution your question? If yes, please click “Accept” below the best answer to resolve this post and upvote anything that was helpful. If no, please leave a comment with more feedback. Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We also tend to recommend using a third party cert if you have no easy trust management of your user systems.
https://wiki.splunk.com/Virtual_.conf
April 2016 section for materials on SSL and Splunk.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You will have ssl warnings from your browser regardless because most of them warn when a self signed certificate is being used, even if you add the ssl certificate to the certificate store. However, you can usually get the browser to stop popping up the warning if you add the certificate to the trusted root store, or another store your browser uses.
Sometimes it depends on what browser you want to use. Take for example this answer on how to get Chrome to trust your self signed certificate:
Another common issue (No pun intended) is when you give your self signed certificate a common name of something like "mysplunkhost.mydomain.com" but then you open the web ui using https://localhost:8000. To get around this issue you typically have to add the following to your hosts file (/etc/hosts, or c:\windows\system32\drivers\etc\hosts):
127.0.0.1 localhost, mysplunkhost.mydomain.com, orWhateverCommonNameYouGaveYourSelfSignedCert
After making this change you may need to restart your browser.
