I am trying to enable Server Certificate Hostname Validation in the server.conf file and I literally cut and pasted the command
sslVerifyServerName = true # turns on TLS certificate host name validation
from the Splunk documentation and when I restart Splunk on this on-prem deployment server it says:
WARNING: Server Certificate Hostname Validation is disabled. Please see server.conf/[sslConfig]/cliVerifyServerName for details.
Now I get that the CLI command is cliVerifyServerName instead of sslVerifyServerName, but I even tried having both lines there and it still does not like it.
I have issued an Enterprise web certificate to this server, and it is still valid for two years, so I am at a total loss here. Please help.
Hi,
As far as I understand, the root problem of this issue is that Splunk cannot determine whether your SSL certificate issuer is trustworthy or not.
I played a lot with this - I am using a CA-trusted wildcard certificate. And I ended up with this configuration in server.conf:
sslVerifyServerCert = true
cliVerifyServerName = true
serverCert = $SPLUNK_HOME/etc/auth/mycert/cert-with-key.pem (-> servercert+middle-chain cert+root cert+ private key)
sslRootCAPath = /etc/ssl/certs/ca-bundle.crt
sslRootCAPath is the path of your OS trusted CA bundle. You may need to add your issuer to this list manually (the root cert only). It depends on the OS, but the process is the same:
https://ubuntu.com/server/docs/security-trust-store
Now I have no such warning, and everything seems to be working fine. (It might work if you point sslRootCAPath at your root cert only, but that is not tested.)
KR.
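An added example, not part of the posts above and not Splunk code: a Python check of the [sslConfig] settings named in this thread and of the PEM layout the answer describes (certificates first, private key last). The function names, the /opt/splunk default, and the rule that a trailing "# comment" stays part of the value are assumptions.

```python
import os
import re

# Settings taken from the thread; all are read from the [sslConfig] stanza of server.conf.
BOOL_KEYS = ("sslVerifyServerCert", "sslVerifyServerName", "cliVerifyServerName")
PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def read_stanza(conf_text, stanza="sslConfig"):
    """Return {key: raw value} for one stanza; only full-line '#' comments are skipped."""
    current, out = None, {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == stanza and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def pem_blocks(path):
    """List PEM block types in file order, e.g. ['CERTIFICATE', 'PRIVATE KEY']."""
    with open(path, encoding="ascii", errors="replace") as fh:
        return PEM_BEGIN.findall(fh.read())

def check(conf_text, splunk_home="/opt/splunk"):
    """Return a list of findings; an empty list means no issue was found."""
    cfg, findings = read_stanza(conf_text), []
    for key in BOOL_KEYS:
        raw = cfg.get(key)
        if raw is None:
            findings.append(f"{key}: not set in [sslConfig]")
        elif raw.lower() != "true":
            # Assumption: a trailing '# comment' stays part of the value.
            findings.append(f"{key}: value {raw!r} is not exactly 'true'")
    for key in ("serverCert", "sslRootCAPath"):
        path = cfg.get(key, "").replace("$SPLUNK_HOME", splunk_home)
        if not os.path.isfile(path):
            findings.append(f"{key}: file not found: {path or '(unset)'}")
            continue
        blocks = pem_blocks(path)
        if key == "sslRootCAPath":
            if "CERTIFICATE" not in blocks or any("KEY" in b for b in blocks):
                findings.append(f"{key}: expected CA certificates only, got {blocks}")
        elif (len(blocks) < 2 or not blocks[-1].endswith("PRIVATE KEY")
              or any(b != "CERTIFICATE" for b in blocks[:-1])):
            findings.append(f"{key}: expected certificates then private key, got {blocks}")
    return findings
```

This only inspects file layout and setting values; it does not verify the chain or the hostname in the certificate.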