Splunk Enterprise Security

Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

JohannLiebert92
Path Finder

Hi everyone,

I'm having trouble to access Splunk web on HTTPS. After I installed ES, HTTPS was on automatically for Splunk web, however I couldn't access it while it is on HTTPS. I tried to disable HTTPS manually by editing the web.conf and able to access the web again. As such, I would like to gather some insights/suggestion what could potentially be the cause of this. Has anyone encountered similar issue in their environment before?

P/s: While web HTTPS is on, I tried to access Splunk web on http, (e.g. http://myserver:8000), I was returned with "connect failed" on the browser page. And I saw the warn message "Socket error from while idling:error 1408F10B:SSL_routines:SSL_GET_RECORD:wrong version number" was generated in splunkd.log

Thanks!

1 Solution

Kendrick821
Explorer

please check if there is a proxy in between client machine and splunk server. Most likely the proxy has a policy of blocking SSL connection that is not trusted by the proxy.

View solution in original post

skalliger
Motivator

You did not mention whether you created a self-signed certificate before or not (or a real certificate issued by a CA). Splunk Enterprise Security is only working with HTTPS, it cannot be disabled.

Skalli

0 Karma

JohannLiebert92
Path Finder

Hi skalliger, thanks for helping. At this stage I am using the default Splunk web certificate, (and real certificate for splunkd). The cause of the issue turned out to be the proxy which blocked the traffic from accessing it. Thanks!!

0 Karma

JohannLiebert92
Path Finder

Hi garethatiag, thanks for helping. Yes I tried Chrome and IE, however I just realized the internet settings for both Chrome and IE are shared, and thus the proxy block.

0 Karma

Kendrick821
Explorer

please check if there is a proxy in between client machine and splunk server. Most likely the proxy has a policy of blocking SSL connection that is not trusted by the proxy.

JohannLiebert92
Path Finder

This really turned out to be the cause of the issue. There was a proxy which block the traffic from accessing the server. After Splunk server has been whitelisted we can access it with HTTPS.

Thanks everyone for helping!!!!

0 Karma

gjanders
SplunkTrust
SplunkTrust

Can you please confirm that you are using a modern Chrome/Firefox or Edge browser to browse to https://myserver:8000 ?

0 Karma

p_gurav
Champion

which splunk version you are using?

0 Karma

JohannLiebert92
Path Finder

Hi p_gurav,

I'm using Splunk 7.0.1.

0 Karma

p_gurav
Champion

when you are accessing https://your-server:8000 , what error your getting?

0 Karma

JohannLiebert92
Path Finder

I din't pay attention to exact message, will need to revert back to you once I have access to the server on Monday again. But it looked like one of those responses when page is unavailable, e.g. accessing splunk web on HTTP when HTTPS is enabled.

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...