Splunk Enterprise

How to use purchased third-party certificates with HTTP Events Collector?

hijklmno
Engager

Hi,

I have a use case where I need to send data from Chrome (client-side) to Splunk, where the website resides on HTTPS. Chrome fails self-signed certificates (net::ERR_INSECURE_RESPONSE), so I would need to use our own certificates.

Do I specify something in $SPLUNK_HOME/etc/system/local/inputs.conf? I am using Comodo, and have a private key, wildcard cert, two intermediate certs, and a root cert.

I have setup Splunk Web with our own certificate already, and it works fine.

I am using a browserify-ed version of splunk-javascript-logging on the website, and running Splunk Light, 6.4.2, on an AWS linux AMI.

Thanks for your help!

Tags (1)
0 Karma
1 Solution

hijklmno
Engager

I have solved this issue by terminating SSL via AWS load balancer.

View solution in original post

0 Karma

apple9211
Explorer

https://docs.splunk.com/Documentation/Splunk/6.5.1/Admin/Inputsconf#http:_.28HTTP_Event_Collector.29

Here it lists all of the SSL options like serverCert = , sslKeysfile = , sslPassword = that would be potentially relevant for getting your certificates to work with the HTTP Event Collector

0 Karma

hijklmno
Engager

I have solved this issue by terminating SSL via AWS load balancer.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...