web.conf if for Splunk Web. In order to use this, your private key must be decrypted. Which means, you are able to verify the certificate using ssl and it doesn't prompt you for a password. But I doubt you need to access your indexer in Splunk Web. When I changed our certificates system-wide these were my notes for Indexers: ---To prevent server from trying to reach Splunk Base for updates-- Etc/system/local/server.conf [applicationsManagement] allowInternetAccess = false ---without this, mongod will fail to start. [kvstore] serverCert = $SPLUNK_HOME/etc/auth/<servername>/<servername>.pem sslPassword = <password_of_serverCert> [sslConfig] serverCert = $SPLUNK_HOME/etc/auth/<servername>/<servername>_.pem sslPassword = <password_of_serverCert> sslRootCAPath = $SPLUNK_HOME/etc/auth/rootca/Root_CA.pem Etc/system/local/inputs.conf [SSL] serverCert = $SPLUNK_HOME/etc/auth/receiver/receiver_cert.pem sslPassword = <password > sslVersions = -all, tls1.2 Now, if you must access Splunk Web into the indexer: Etc/system/local/web.conf Note: Splunk Web will not work with encrypted private key. Ensure you are using decrypted private key and certificate for this configuration. [settings] privKeyPath = $SPLUNK_HOME/etc/auth/<servername>/<webServerCert>_webServerCert_priv.key serverCert = $SPLUNK_HOME/etc/auth/<servername>/< webServerCert>_webServerCert_cert.pem To export private key decrypted for us in Splunk Web web.conf, you can use the following: Export private key, you will need the pass phrase: openssl rsa -in server_priv.key -out web_server_priv.key you can copy this contents and replace the key on your original servercert.pem and save it as whatever name you like: web_servercert.pem Test your certificate to ensure you are not prompted for passphrase: openssl rsa -in web_servercert.pem –text (Remember, you will only use this for web.conf, if you try to use this in server.conf - mongod will not start due to no passphrase)
... View more