Hello everybody, can you please tell where i am making errors? I can't make the https splunk web load with my self signed certificate. I have a test environment, one Splunk Server where i have executed the following steps: mkdir $SPLUNK_HOME/etc/auth/mycerts cd $SPLUNK_HOME/etc/auth/mycerts $SPLUNK_HOME/bin/splunk cmd openssl genrsa -aes256 -out CAPK.key 2048 # Root CA private key $SPLUNK_HOME/bin/splunk cmd openssl req -new -key CAPK.key -out CACSR.csr # Root CA signing request # a this point in the Common Name i have tried putting everything, hostname, private ip, localhost, ecc but i doesn't seem to make any difference $SPLUNK_HOME/bin/splunk cmd openssl x509 -req -in CACSR.csr -sha512 -signkey CAPK.key -CAcreateserial -out CACE.pem -days 1095 # my CA certificate $SPLUNK_HOME/bin/splunk cmd openssl genrsa -aes256 -out DEPPK.key 2048 # i have configured the same password for both keys but i doesn't seem to be the problem $SPLUNK_HOME/bin/splunk cmd openssl req -new -key DEPPK.key -out DEPCSR.csr # for the Common Name value i have tried the same things for the CA $SPLUNK_HOME/bin/splunk cmd openssl x509 -req -in DEPCSR.csr -SHA256 -CA CACE.pem -CAkey CAPK.key -CAcreateserial -out DEPCE.pem -days 1095 cat DEPCE.pem DEPPK.key CACE.pem > DEPCEchain.pem # in the /opt/splunk/etc/system/local/web.conf i have written: [settings] enableSplunkWebSSL = true privKeyPath = /opt/splunk/etc/auth/mycerts/DEPPK.key serverCert = /opt/splunk/etc/auth/mycerts/DEPCEchain.pem startwebserver = 1 httpport = 8000 # to see if the connection to the server is going well i use openssl s_client -connect 192.168.1.11:8000 # OR openssl s_client -connect 127.0.0.1:8000 # and it says CONNECTED(00000003) unfortunatly if i try to navigate splunk web on https it doesn't load # i have tried putting the certificates inside /opt/splunk/etc/auth/splunkweb and then colling them in web.conf but nothing happens # this is what is written inside server.conf: [sslConfig] sslRootCAPath = /opt/splunk/etc/auth/mycerts/CertificateAuthorityCertificate.pem sslPassword = $7$7OQ1bcyW5b53gGJ/us2ExVKxerWlcolKjoS1j7pZ05QpmNmIUt7NQw== I don't know what to try next, i can't find a solution, no matter what i try it won't load on splunk web. Maybe it can help saying that i call https://192.168.1.11:8000/ on the browser. Even tried putting sslPassword inside web.conf with the key password but nothing changed.
... View more