Splunk Enterprise Security

Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

JohannLiebert92
Path Finder

Hi everyone,

I'm having trouble accessing Splunk Web over HTTPS. After I installed ES, HTTPS was turned on automatically for Splunk Web; however, I couldn't access it while it was on HTTPS. I tried disabling HTTPS manually by editing web.conf and was able to access the web again. As such, I would like to gather some insights/suggestions on what could potentially be the cause of this. Has anyone encountered a similar issue in their environment before?

P.S.: While web HTTPS was on, I tried to access Splunk Web over HTTP (e.g. http://myserver:8000) and got "connect failed" on the browser page. I also saw that the warning message "Socket error from while idling:error 1408F10B:SSL_routines:SSL_GET_RECORD:wrong version number" was generated in splunkd.log.

Thanks!

1 Solution

Kendrick821
Explorer

Please check if there is a proxy between the client machine and the Splunk server. Most likely the proxy has a policy of blocking SSL connections that are not trusted by the proxy.

skalliger
SplunkTrust

You did not mention whether you created a self-signed certificate before or not (or a real certificate issued by a CA). Splunk Enterprise Security only works with HTTPS; it cannot be disabled.

Skalli

0 Karma

JohannLiebert92
Path Finder

Hi skalliger, thanks for helping. At this stage I am using the default Splunk Web certificate (and a real certificate for splunkd). The cause of the issue turned out to be the proxy, which blocked the traffic from accessing it. Thanks!!

0 Karma

JohannLiebert92
Path Finder

Hi garethatiag, thanks for helping. Yes I tried Chrome and IE, however I just realized the internet settings for both Chrome and IE are shared, and thus the proxy block.

0 Karma

JohannLiebert92
Path Finder

This really turned out to be the cause of the issue. There was a proxy which blocked the traffic from accessing the server. After the Splunk server was whitelisted, we could access it with HTTPS.

Thanks everyone for helping!!!!

0 Karma

gjanders
SplunkTrust

Can you please confirm that you are using a modern Chrome/Firefox or Edge browser to browse to https://myserver:8000 ?

Alerts for Splunk Admins https://splunkbase.splunk.com/app/3796/
Version Control for Splunk https://splunkbase.splunk.com/app/4355/
0 Karma

p_gurav
Champion

Which Splunk version are you using?

0 Karma

JohannLiebert92
Path Finder

Hi p_gurav,

I'm using Splunk 7.0.1.

0 Karma

p_gurav
Champion

When you are accessing https://your-server:8000, what error are you getting?

0 Karma

JohannLiebert92
Path Finder

I didn't pay attention to the exact message; I will need to revert back to you once I have access to the server again on Monday. But it looked like one of those responses when a page is unavailable, e.g. accessing Splunk Web on HTTP when HTTPS is enabled.

0 Karma
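
The original question ties the `wrong version number` warning to plain HTTP reaching the HTTPS port. A TLS endpoint reads the first five bytes it receives as a record header, and for an HTTP request line the version bytes are ASCII letters. The sketch below is an added example (not from any poster in this thread and not Splunk code) that applies those header checks to constructed sample bytes; the function names are hypothetical.

```python
import struct

# TLS record content types (RFC 5246 section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
MAX_RECORD_LEN = 16384 + 2048  # largest ciphertext length TLS 1.2 permits


def parse_record_header(data):
    """Read the first 5 bytes as a TLS record header: type, version, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "major": major, "minor": minor, "length": length}


def header_problems(h):
    """List the sanity checks a TLS record header fails."""
    problems = []
    if h["type"] not in CONTENT_TYPES:
        problems.append("unknown content type")
    if h["major"] != 3:  # every SSL 3.0 / TLS 1.x record carries 0x03 here
        problems.append("wrong version number")
    if h["length"] > MAX_RECORD_LEN:
        problems.append("record too long")
    return problems


def classify(data):
    """Return (verdict, problems) for the first bytes seen on a TLS port."""
    if len(data) < 5:
        return ("unknown", ["fewer than 5 bytes"])
    problems = header_problems(parse_record_header(data))
    if not problems:
        return ("tls", [])
    if data.startswith(HTTP_METHODS):
        return ("plain-http", problems)
    return ("unknown", problems)


if __name__ == "__main__":
    # Constructed samples: a browser using http:// and the start of a ClientHello.
    samples = {
        "http://myserver:8000": b"GET / HTTP/1.1\r\nHost: myserver:8000\r\n\r\n",
        "https://myserver:8000": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc",
    }
    for name, raw in samples.items():
        print(name, parse_record_header(raw), classify(raw))
```

For `GET /` the "version" field is `0x4554` (the letters `E` and `T`), which is why the listener rejects the record before any handshake takes place.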