Training + Certification

I am getting Certificate Error

abhayneilam
Contributor

HI, I have configured SSL in Splunk . It is not self signed but issued by Certified Authority.

I have enabled https option from Splunk GUI also. I am using 7.1.1 version.

Now, the problem is . If I open my SH with https it is opening, but Certificate Error is giving :

This page is not secure (broken HTTPS).
Certificate - Subject Alternative Name missing
The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address.
View certificate
Certificate - missing

The hostname in the website’s security certificate differs from the website you are trying to visit.
Error Code: DLG_FLAGS_SEC_CERT_CN_INVALID

I am getting this by pressing F12 and Security tab and my URL is becoming red and https is getting striked out.

Kindly help in solving this !!

Tags (1)
0 Karma

_joe
Communicator

You need a certificate that specifies the alt name, which doesn't happen when in the Splunk guide for cert creation.

One option would be to follow Step 3 in this guide. If you have a single server that creates all your certificates, you would need to change openssl.cnf before each cert creation. FYI, changing these type of files will cause a manifest error until you either put the old file back or upgrade.

https://www.hurricanelabs.com/splunk-tutorials/splunk-certificates-master-guide

#Edit the openSSL file
vi /opt/splunk/openssl/openssl.cnf

# Uncomment out the Request Extensions options

    # Optional: Use "/" to search for req_extensions

    Change FROM: #req_extensions = v3_req # The extensions to add to a certificate request
             TO: req_extensions = v3_req # The extensions to add to a certificate request

    # Optional: Use "/" to search for v3_req 

#Add extended key usage 'subjectAltName = DNS:<FQDN>, DNS:<hostname>, IP:<ip_address>'
0 Karma

_joe
Communicator

You've kind of answered your own question, but the error is because the certificate specified in the CN field of your certificate and your host don't match.

Here are some helpful steps if you are using Linux and Splunk Home is "/opt/splunk"
I - Find what host your using
/opt/splunk/bin/splunk btool web list | grep serverCert

2 - Check your CN
/opt/splunk/bin/splunk cmd openssl x509 -in .pem -text | grep Subject:

It could be something as simple as just needing to specify the FQDN

0 Karma

ichea
Engager

How did you fix this?

abhayneilam
Contributor

Thanks it is solved, I did it myself !!

0 Karma

DBattisto
Communicator

Please provide input on what you did to fix this issue.

0 Karma
Get Updates on the Splunk Community!

Maximize the Value from Microsoft Defender with Splunk

<P style=" text-align: center; "><span class="lia-inline-image-display-wrapper lia-image-align-center" ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

<FONT size="5"><FONT size="5" color="#FF00FF">Get the latest news and updates from the Splunk Community ...