Security

Why am I receiving errors after configuring Splunk Web SSL with self signed certificates?

davesplunk01
Path Finder

Installed Splunk 6.5.1 and followed the steps from https://docs.splunk.com/Documentation/Splunk/6.5.2/Security/Howtoself-signcertificates and enabled the Splunk Web SSL. Still facing the issue

Chrome:

"Your connection is not private". while debugging more saw the error: NET::ERR_CERT_AUTHORITY_INVALID from the chrome browser. 

IE:

"There is a problem with this website’s security certificate".

Is there any configuration missing? I have followed all the steps and there are no error in internal logs also.

thanks,

0 Karma
1 Solution

jkat54
SplunkTrust
SplunkTrust

You will have ssl warnings from your browser regardless because most of them warn when a self signed certificate is being used, even if you add the ssl certificate to the certificate store. However, you can usually get the browser to stop popping up the warning if you add the certificate to the trusted root store, or another store your browser uses.

Sometimes it depends on what browser you want to use. Take for example this answer on how to get Chrome to trust your self signed certificate:

http://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificat...

Another common issue (No pun intended) is when you give your self signed certificate a common name of something like "mysplunkhost.mydomain.com" but then you open the web ui using https://localhost:8000. To get around this issue you typically have to add the following to your hosts file (/etc/hosts, or c:\windows\system32\drivers\etc\hosts):

127.0.0.1 localhost, mysplunkhost.mydomain.com, orWhateverCommonNameYouGaveYourSelfSignedCert

After making this change you may need to restart your browser.

View solution in original post

0 Karma

aaraneta_splunk
Splunk Employee
Splunk Employee

@davesplunk01 - Did one of the answers below help provide a solution your question? If yes, please click “Accept” below the best answer to resolve this post and upvote anything that was helpful. If no, please leave a comment with more feedback. Thanks.

0 Karma

starcher
SplunkTrust
SplunkTrust

We also tend to recommend using a third party cert if you have no easy trust management of your user systems.
https://wiki.splunk.com/Virtual_.conf
April 2016 section for materials on SSL and Splunk.

0 Karma

jkat54
SplunkTrust
SplunkTrust

You will have ssl warnings from your browser regardless because most of them warn when a self signed certificate is being used, even if you add the ssl certificate to the certificate store. However, you can usually get the browser to stop popping up the warning if you add the certificate to the trusted root store, or another store your browser uses.

Sometimes it depends on what browser you want to use. Take for example this answer on how to get Chrome to trust your self signed certificate:

http://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificat...

Another common issue (No pun intended) is when you give your self signed certificate a common name of something like "mysplunkhost.mydomain.com" but then you open the web ui using https://localhost:8000. To get around this issue you typically have to add the following to your hosts file (/etc/hosts, or c:\windows\system32\drivers\etc\hosts):

127.0.0.1 localhost, mysplunkhost.mydomain.com, orWhateverCommonNameYouGaveYourSelfSignedCert

After making this change you may need to restart your browser.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...