Hi @ielshahrori The issue you have is likely due to a mismatch between the default self-signed certificate's Common Name (CN), which is typically set to the Splunk server's hostname or localhost, a...
See more...
Hi @ielshahrori The issue you have is likely due to a mismatch between the default self-signed certificate's Common Name (CN), which is typically set to the Splunk server's hostname or localhost, and the public IP address used for access. This causes SSL/TLS handshake failures in browsers when attempting HTTPS connections (e.g., https://publicIP:8000), even though basic TCP connectivity (like telnet) succeeds on port 8000. Browsers enforce strict certificate validation, and self-signed certs with CN mismatches often result in "unable to reach" errors without an option to proceed unless explicitly overridden. If you are using the public IP address over HTTPS then I assume you do not have a valid trusted certificate that the clients can validate for connecting to Splunk? Its not typical to have an SSL certificate that matches an IP address, instead you should have a hostname with DNS that resolves to the IP address of your Splunk server. Then you will either need a Public Trusted SSL cert, or a self-signed cert which the clients have the root CA trusted one their system. You can then configure the custom SSL cert in Splunk: Update web.conf (typically in $SPLUNK_HOME/etc/system/local/) with: [settings]
enableSplunkWebSSL = true
serverCert = <path_to_your_new_cert.pem> Did this answer help you? If so, please consider: Adding karma to show it was useful Marking it as the solution if it resolved your issue Commenting if you need any clarification Your feedback encourages the volunteers in this community to continue contributing