As this is a Chrome application it is allowed to make the cross-site request directly to the Splunk server. However, when using either the Splunk JS SDK or the RESTful API to connect directly to Splunk, we get certificate errors as the default certificate provided by Splunk is invalid (the Common Name does not match the hosted domain, etc.) The errors in the browser are NET::ERR_INSECURE_RESPONSE and NET::ERR_CERT_COMMON_NAME_INVALID. Using curl works fine, but I presume this is because it makes no attempt to validate certificates.
Ideally, we would like to make the request directly to Splunk, without having to rely on any additional server-side infrastructure for proxying results, using server-side scripts, etc.
As far as I can see, we would need to update the certificate on the management port, but Splunk recommends that this certificate is not changed. (Not able to provide the link here, but can be found under "Secure inter-splunk communication with SSL")
What are the recommendations for getting around this? Is this type of direct access not supported?
Any help would be very much appreciated!
... View more