I'm trying to enable HTTPS on my server.
I'm getting the "splunk https site not secure" msg.
Also, SSL is enabled under server settings.
This is my web.conf file:
enableSplunkWebSSL = true
privKeyPath = /opt/splunk/etc/auth/wildkey.key
serverCert = /opt/splunk/etc/auth/wildkey.pem
httpport = 8000
When removing the remarks from the rows, Splunk does not start.
What am I doing wrong?
Hope you're well, to enable https without your own certs use this :
[settings]
enableSplunkWebSSL = true
If you want to add your own certs please follow this guide step by step to be sure you're not missing anything :
And here is the documentation for creating your own certs for Splunk :
Please let me know if you're stuck anywhere.
This is what I see:
HttpListener - Socket error from 10.11.44.171:65337 while idling: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read finished A', alert_description='certificate unknown'.
SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client key exchange A', alert_description='certificate unknown'.
X509Verify - X509 certificate (O=SplunkUser,CN=usnv02splunk01) should not be used, as it is issued by Splunk's own default Certificate Authority (CA). This puts your Splunk instance at very high-risk of the MITM attack. Either commercial-CA-signed or self-CA-signed certificates must be used; see:
Check if anything is pointing to Splunk's default certs and make sure that your certs are the ones that Splunk is pointing to :
$SPLUNK_HOME/bin/splunk cmd btool inputs list --debug
$SPLUNK_HOME/bin/splunk cmd btool outputs list --debug
$SPLUNK_HOME/bin/splunk cmd btool server list --debug
I see this:
/opt/splunk/etc/system/default/server.conf serverCert = $SPLUNK_HOME/etc/auth/server.pem
/opt/splunk/etc/system/default/server.conf caCertFile = $SPLUNK_HOME/etc/auth/cacert.pem
/opt/splunk/etc/system/default/server.conf caCertFile = $SPLUNK_HOME/etc/auth/appsLicenseCA.pem
Please try web.conf with the following settings. Also ensure the certs are "generated by Valid authority" for the browser to identify. The self-signed certs may show errors depending on the browser.
I'm guessing your wildkey.key format may be incorrect or is encrypted?
[settings]
enableSplunkWebSSL = true
# absolute paths may be used here. and pem format for priv keys
privKeyPath = $SPLUNK_HOME/etc/auth/myprivatekey.pem
serverCert = $SPLUNK_HOME/etc/auth/mycacert.pem
sslPassword = <password_if_key_is_encrypted>
Your server.conf also needs sslConfig setup
This is the config I have in server.conf
What pass is it, do you know? Should I change it?
Also, can you please guide me on how to create the certificate so it will be accepted by the browser? It is not me who creates the certs and I want to guide the relevant guy.
The certificate needs to be created by an authorised authority if it has to be valid in a browser. Please have a read on: https://en.wikipedia.org/wiki/Certificate_authority . Your organisation may already have a team to do this and liaise with a Certificate Authority (CA) already.
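
The two checks suggested in the thread, written as a shell sketch (an added example, not code posted by any participant): it lists which certificate settings in btool --debug output still resolve from Splunk's shipped defaults, and tests whether a PEM private key is passphrase-protected. The function names, the stanza line and the local override in the sample are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# Reads `splunk cmd btool server list --debug` output on stdin and prints the
# certificate settings that still resolve from etc/system/default, meaning
# nothing under etc/system/local or an app overrides them.
default_cert_settings() {
    awk '
        $2 ~ /^\[/ { stanza = $2; next }          # remember current stanza
        $1 ~ /\/etc\/system\/default\// &&
        $2 ~ /^(serverCert|caCertFile|sslRootCAPath|privKeyPath)$/ {
            print stanza, $2, "=", $4
        }'
}

# Succeeds if the PEM key file is passphrase-protected: PKCS#8 marks that in
# the BEGIN line, the traditional format in a Proc-Type header.
key_is_encrypted() {
    grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$1"
}

# Constructed sample in the format shown in the thread (the stanza line and
# the local override are made up for the demonstration).
sample_btool_output() {
    cat <<'EOF'
/opt/splunk/etc/system/default/server.conf [sslConfig]
/opt/splunk/etc/system/default/server.conf caCertFile = $SPLUNK_HOME/etc/auth/cacert.pem
/opt/splunk/etc/system/default/server.conf serverCert = $SPLUNK_HOME/etc/auth/server.pem
/opt/splunk/etc/system/local/server.conf sslRootCAPath = /opt/splunk/etc/auth/mycerts/ca.pem
EOF
}

# Demo: only the two settings still served from system/default are listed.
sample_btool_output | default_cert_settings
```

On a real host, pipe the btool command from the thread into default_cert_settings and run key_is_encrypted against the file named in privKeyPath; an encrypted key needs the matching sslPassword.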