I'm having trouble to access Splunk web on HTTPS. After I installed ES, HTTPS was on automatically for Splunk web, however I couldn't access it while it is on HTTPS. I tried to disable HTTPS manually by editing the web.conf and able to access the web again. As such, I would like to gather some insights/suggestion what could potentially be the cause of this. Has anyone encountered similar issue in their environment before?
P/s: While web HTTPS is on, I tried to access Splunk web on http, (e.g. http://myserver:8000), I was returned with "connect failed" on the browser page. And I saw the warn message "Socket error from while idling:error 1408F10B:SSLroutines:SSLGET_RECORD:wrong version number" was generated in splunkd.log
I din't pay attention to exact message, will need to revert back to you once I have access to the server on Monday again. But it looked like one of those responses when page is unavailable, e.g. accessing splunk web on HTTP when HTTPS is enabled.
please check if there is a proxy in between client machine and splunk server. Most likely the proxy has a policy of blocking SSL connection that is not trusted by the proxy.
This really turned out to be the cause of the issue. There was a proxy which block the traffic from accessing the server. After Splunk server has been whitelisted we can access it with HTTPS.
Thanks everyone for helping!!!!
You did not mention whether you created a self-signed certificate before or not (or a real certificate issued by a CA). Splunk Enterprise Security is only working with HTTPS, it cannot be disabled.
Hi skalliger, thanks for helping. At this stage I am using the default Splunk web certificate, (and real certificate for splunkd). The cause of the issue turned out to be the proxy which blocked the traffic from accessing it. Thanks!!