configure CA issued certificate on splunkd port 8089 and web port 8443 on SH cluster


We have a requirement to configure splunk with the CA issued certificates.

We are running Splunk

In test environment – two standalone splunk instances.

In other environments –   cluster

3 node SH cluster  + SH deployer

3 node indexer cluster + CM

License Master/Monitoring server

Deployment Server

Heavy forwarders


I tried to configure standalone server's Splunk web (8443) and splunkd (8089) using this new CA issued cert.

But after I configured it for splunkd 8089 it breaks web, command line and also when I run openssl from other server it shows connected but then hangs and does not show certs.

I came across following link but it was for splunk 6 and things has changed a lot since then.

We also want to configure SH cluster to use CA issued cert for splunkd (8089).

But I could not find doc for SH cluster.

On standalone splunk instance:

cat /opt/splunk/etc/system/local/web.conf

httpport = 8443
enableSplunkWebSSL = 1
sslVersions = tls1.2
sslPassword = $7$1_encrypted_password_lzShn0euEM5Yi9m6pUPS38TkYu1lDDsg=
serverCert = etc/auth/splunkweb/QA_Splunk_Concatenated.pem
privKeyPath = etc/auth/splunkweb/QA_Splunk_PrivateKey.key

cat /opt/splunk/etc/system/local/server.conf
serverName = xxx.test
pass4SymmKey = $7$k_encryted_key==

#serverCert = server.pem
sslPassword = $7$3_encryted_key==
sslVersions = tls1.2
enableSplunkdSSL = true
serverCert = /opt/splunk/etc/auth/splunkweb/QA_Splunk_Concatenated.pem
#requireClientCert = false

Is this correct?

Also, Do I need to request separate cert for each SH member? Will this impact other communication between SH custer and indexer cluster, license master, monitoring console, SH deployer?

Labels (1)
Tags (1)
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!