Security

Why am I receiving errors after configuring Splunk Web SSL with self signed certificates?

davesplunk01
Path Finder

Installed Splunk 6.5.1 and followed the steps from https://docs.splunk.com/Documentation/Splunk/6.5.2/Security/Howtoself-signcertificates and enabled the Splunk Web SSL. Still facing the issue

Chrome:

"Your connection is not private". while debugging more saw the error: NET::ERR_CERT_AUTHORITY_INVALID from the chrome browser. 

IE:

"There is a problem with this website’s security certificate".

Is there any configuration missing? I have followed all the steps and there are no error in internal logs also.

thanks,

0 Karma
1 Solution

jkat54
SplunkTrust
SplunkTrust

You will have ssl warnings from your browser regardless because most of them warn when a self signed certificate is being used, even if you add the ssl certificate to the certificate store. However, you can usually get the browser to stop popping up the warning if you add the certificate to the trusted root store, or another store your browser uses.

Sometimes it depends on what browser you want to use. Take for example this answer on how to get Chrome to trust your self signed certificate:

http://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificat...

Another common issue (No pun intended) is when you give your self signed certificate a common name of something like "mysplunkhost.mydomain.com" but then you open the web ui using https://localhost:8000. To get around this issue you typically have to add the following to your hosts file (/etc/hosts, or c:\windows\system32\drivers\etc\hosts):

127.0.0.1 localhost, mysplunkhost.mydomain.com, orWhateverCommonNameYouGaveYourSelfSignedCert

After making this change you may need to restart your browser.

View solution in original post

0 Karma

aaraneta_splunk
Splunk Employee
Splunk Employee

@davesplunk01 - Did one of the answers below help provide a solution your question? If yes, please click “Accept” below the best answer to resolve this post and upvote anything that was helpful. If no, please leave a comment with more feedback. Thanks.

0 Karma

starcher
SplunkTrust
SplunkTrust

We also tend to recommend using a third party cert if you have no easy trust management of your user systems.
https://wiki.splunk.com/Virtual_.conf
April 2016 section for materials on SSL and Splunk.

0 Karma

jkat54
SplunkTrust
SplunkTrust

You will have ssl warnings from your browser regardless because most of them warn when a self signed certificate is being used, even if you add the ssl certificate to the certificate store. However, you can usually get the browser to stop popping up the warning if you add the certificate to the trusted root store, or another store your browser uses.

Sometimes it depends on what browser you want to use. Take for example this answer on how to get Chrome to trust your self signed certificate:

http://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificat...

Another common issue (No pun intended) is when you give your self signed certificate a common name of something like "mysplunkhost.mydomain.com" but then you open the web ui using https://localhost:8000. To get around this issue you typically have to add the following to your hosts file (/etc/hosts, or c:\windows\system32\drivers\etc\hosts):

127.0.0.1 localhost, mysplunkhost.mydomain.com, orWhateverCommonNameYouGaveYourSelfSignedCert

After making this change you may need to restart your browser.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...