Solved: How to use purchased third-party certificates with...

hijklmno · ‎08-10-2016

Hi,

I have a use case where I need to send data from Chrome (client-side) to Splunk, where the website resides on HTTPS. Chrome fails self-signed certificates (net::ERR_INSECURE_RESPONSE), so I would need to use our own certificates.

Do I specify something in $SPLUNK_HOME/etc/system/local/inputs.conf? I am using Comodo, and have a private key, wildcard cert, two intermediate certs, and a root cert.

I have setup Splunk Web with our own certificate already, and it works fine.

I am using a browserify-ed version of splunk-javascript-logging on the website, and running Splunk Light, 6.4.2, on an AWS linux AMI.

Thanks for your help!

hijklmno · ‎01-13-2017

I have solved this issue by terminating SSL via AWS load balancer.

View solution in original post

apple9211 · ‎01-13-2017

https://docs.splunk.com/Documentation/Splunk/6.5.1/Admin/Inputsconf#http:_.28HTTP_Event_Collector.29

Here it lists all of the SSL options like serverCert = , sslKeysfile = , sslPassword = that would be potentially relevant for getting your certificates to work with the HTTP Event Collector

hijklmno · ‎01-13-2017

I have solved this issue by terminating SSL via AWS load balancer.

How to use purchased third-party certificates with HTTP Events Collector?

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Using Machine Learning for Hunting Security Threats