Security

Can you use 3rd party cert for Splunk Web while using another self-signed client-side cert connecting to Splunk API 8089?

iamjvn
Explorer

It seems the Splunk Web application does not allow for configuration to serve a 3rd party certs for Splunk Web 443, while using another client-side cert connecting to Splunk API 8089. Is my conclusion correct?

I'm referring to the following 2 types of exchanges:
1. Browser (client) to Splunk Web 443/8443 (server) - 3rd party certs with 3rd party root CA - WORKS
2. Splunk Web (client) to Splunkd 8089 (server) - self-signed with own CA root cert - DOES NOT WORK - The 3rd party cert is provided by Splunk Web as the client-side cert, which is not what I want.

My problem is that connection #2 does not authenticate the Splunk Web client because it seems I cannot configure it to use a different certificate for the Splunk Web client-side of the connection to Splunkd.

server.conf:

[sslConfig]
serverCert=/my-own-certs/self-signed-certificate1.pem
requireClientCert=true

web.conf:

[settings]
serverCert=/provided-certs/3rd-party-certificate.pem

What am I missing here?

0 Karma
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...