Splunk Enterprise Security

Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

JohannLiebert92
Path Finder

Hi everyone,

I'm having trouble accessing Splunk web on HTTPS. After I installed ES, HTTPS was turned on automatically for Splunk web; however, I couldn't access it while it was on HTTPS. I tried disabling HTTPS manually by editing web.conf and was able to access the web again. As such, I would like to gather some insights/suggestions on what could potentially be the cause of this. Has anyone encountered a similar issue in their environment before?

P.S.: While web HTTPS was on, I tried to access Splunk web on HTTP (e.g. http://myserver:8000) and got "connect failed" on the browser page. I also saw that the warning message "Socket error from while idling:error 1408F10B:SSL_routines:SSL_GET_RECORD:wrong version number" was generated in splunkd.log.

Thanks!
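An added example, not part of the original post: it decodes the OpenSSL error code quoted above and shows how a TLS record parser reads the first bytes of a plaintext HTTP request, one common way to end up with "wrong version number". The function names and the sample request and record bytes are constructed for illustration; the log line is the one quoted in the post.

```python
import re

# OpenSSL 1.x packs an error code as lib (8 bits) | func (12 bits) | reason (12 bits).
ERR_LIB_SSL = 20
SSL_R_WRONG_VERSION_NUMBER = 267
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def extract_error_code(line):
    """Pull the 8-hex-digit OpenSSL error code out of a log line."""
    m = re.search(r"error ([0-9A-Fa-f]{8}):", line)
    return m.group(1) if m else None

def decode_openssl_error(hex_code):
    code = int(hex_code, 16)
    return {"lib": (code >> 24) & 0xFF, "func": (code >> 12) & 0xFFF, "reason": code & 0xFFF}

def parse_record_header(data):
    """Interpret the first 5 bytes the way a TLS record layer would."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor = data[0], data[1], data[2]
    problems = []
    if ctype not in CONTENT_TYPES:
        problems.append("unknown content type")
    if major != 3:  # every SSL 3.0 / TLS 1.x record carries major version 3
        problems.append("wrong version number")
    return {"type": ctype, "version": (major, minor),
            "length": int.from_bytes(data[3:5], "big"), "problems": problems}

def classify_first_bytes(data):
    """Tell a TLS record from plaintext HTTP sent to a TLS port."""
    if not parse_record_header(data)["problems"]:
        return "tls"
    if re.match(rb"(GET|POST|HEAD|PUT|OPTIONS|CONNECT) |HTTP/", data):
        return "plaintext-http"
    return "unknown"

# Log line as quoted in the post.
LOG_LINE = ("Socket error from while idling:error "
            "1408F10B:SSL_routines:SSL_GET_RECORD:wrong version number")
# Constructed samples: a browser request sent in the clear, and the start of a TLS handshake record.
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: myserver:8000\r\n\r\n"
TLS_RECORD_START = bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01])

if __name__ == "__main__":
    print(decode_openssl_error(extract_error_code(LOG_LINE)))
    for sample in (HTTP_REQUEST, TLS_RECORD_START):
        print(classify_first_bytes(sample), parse_record_header(sample))
```

For the plaintext request, the bytes "G", "E", "T" land in the content-type and version fields, so the version check fails before anything else is examined.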

1 Solution

Kendrick821
Explorer

Please check if there is a proxy in between the client machine and the Splunk server. Most likely the proxy has a policy of blocking SSL connections that are not trusted by the proxy.

skalliger
Motivator

You did not mention whether you created a self-signed certificate before or not (or a real certificate issued by a CA). Splunk Enterprise Security only works with HTTPS; it cannot be disabled.

Skalli

0 Karma

JohannLiebert92
Path Finder

Hi skalliger, thanks for helping. At this stage I am using the default Splunk web certificate (and a real certificate for splunkd). The cause of the issue turned out to be the proxy, which blocked the traffic from accessing it. Thanks!!

0 Karma

JohannLiebert92
Path Finder

Hi garethatiag, thanks for helping. Yes I tried Chrome and IE, however I just realized the internet settings for both Chrome and IE are shared, and thus the proxy block.

0 Karma

JohannLiebert92
Path Finder

This really turned out to be the cause of the issue. There was a proxy which blocked the traffic from accessing the server. After the Splunk server was whitelisted, we could access it with HTTPS.

Thanks everyone for helping!!!!

0 Karma

gjanders
SplunkTrust

Can you please confirm that you are using a modern Chrome/Firefox or Edge browser to browse to https://myserver:8000 ?

0 Karma

p_gurav
Champion

Which Splunk version are you using?

0 Karma

JohannLiebert92
Path Finder

Hi p_gurav,

I'm using Splunk 7.0.1.

0 Karma

p_gurav
Champion

When you are accessing https://your-server:8000, what error are you getting?

0 Karma

JohannLiebert92
Path Finder

I didn't pay attention to the exact message; I will need to get back to you once I have access to the server again on Monday. But it looked like one of those responses when a page is unavailable, e.g. accessing Splunk web on HTTP when HTTPS is enabled.

0 Karma