Splunk Enterprise

How to use purchased third-party certificates with HTTP Events Collector?

Engager

Hi,

I have a use case where I need to send data from Chrome (client-side) to Splunk, where the website resides on HTTPS. Chrome fails self-signed certificates (net::ERRINSECURERESPONSE), so I would need to use our own certificates.

Do I specify something in $SPLUNK_HOME/etc/system/local/inputs.conf? I am using Comodo, and have a private key, wildcard cert, two intermediate certs, and a root cert.

I have setup Splunk Web with our own certificate already, and it works fine.

I am using a browserify-ed version of splunk-javascript-logging on the website, and running Splunk Light, 6.4.2, on an AWS linux AMI.

Thanks for your help!

Tags (1)
0 Karma
1 Solution

Engager

I have solved this issue by terminating SSL via AWS load balancer.

View solution in original post

0 Karma

Explorer

https://docs.splunk.com/Documentation/Splunk/6.5.1/Admin/Inputsconf#http:_.28HTTP_Event_Collector.29

Here it lists all of the SSL options like serverCert = , sslKeysfile = , sslPassword = that would be potentially relevant for getting your certificates to work with the HTTP Event Collector

0 Karma

Engager

I have solved this issue by terminating SSL via AWS load balancer.

View solution in original post

0 Karma