Splunk Enterprise Security
Highlighted

Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

Path Finder

Hi everyone,

I'm having trouble to access Splunk web on HTTPS. After I installed ES, HTTPS was on automatically for Splunk web, however I couldn't access it while it is on HTTPS. I tried to disable HTTPS manually by editing the web.conf and able to access the web again. As such, I would like to gather some insights/suggestion what could potentially be the cause of this. Has anyone encountered similar issue in their environment before?

P/s: While web HTTPS is on, I tried to access Splunk web on http, (e.g. http://myserver:8000), I was returned with "connect failed" on the browser page. And I saw the warn message "Socket error from while idling:error 1408F10B:SSLroutines:SSLGET_RECORD:wrong version number" was generated in splunkd.log

Thanks!

Highlighted

Re: Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

Champion

which splunk version you are using?

0 Karma
Highlighted

Re: Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

Path Finder

Hi p_gurav,

I'm using Splunk 7.0.1.

0 Karma
Highlighted

Re: Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

Champion

when you are accessing https://your-server:8000 , what error your getting?

0 Karma
Highlighted

Re: Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

Path Finder

I din't pay attention to exact message, will need to revert back to you once I have access to the server on Monday again. But it looked like one of those responses when page is unavailable, e.g. accessing splunk web on HTTP when HTTPS is enabled.

0 Karma
Highlighted

Re: Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

SplunkTrust
SplunkTrust

Can you please confirm that you are using a modern Chrome/Firefox or Edge browser to browse to https://myserver:8000 ?

0 Karma
Highlighted

Re: Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

Explorer

please check if there is a proxy in between client machine and splunk server. Most likely the proxy has a policy of blocking SSL connection that is not trusted by the proxy.

View solution in original post

Highlighted

Re: Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

Path Finder

This really turned out to be the cause of the issue. There was a proxy which block the traffic from accessing the server. After Splunk server has been whitelisted we can access it with HTTPS.

Thanks everyone for helping!!!!

0 Karma
Highlighted

Re: Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

SplunkTrust
SplunkTrust

You did not mention whether you created a self-signed certificate before or not (or a real certificate issued by a CA). Splunk Enterprise Security is only working with HTTPS, it cannot be disabled.

Skalli

0 Karma
Highlighted

Re: Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

Path Finder

Hi skalliger, thanks for helping. At this stage I am using the default Splunk web certificate, (and real certificate for splunkd). The cause of the issue turned out to be the proxy which blocked the traffic from accessing it. Thanks!!

0 Karma