Security

Why am I receiving errors after configuring Splunk Web SSL with self signed certificates?

davesplunk01
Path Finder

Installed Splunk 6.5.1 and followed the steps from https://docs.splunk.com/Documentation/Splunk/6.5.2/Security/Howtoself-signcertificates and enabled the Splunk Web SSL. Still facing the issue

Chrome:

"Your connection is not private". while debugging more saw the error: NET::ERR_CERT_AUTHORITY_INVALID from the chrome browser. 

IE:

"There is a problem with this website’s security certificate".

Is there any configuration missing? I have followed all the steps and there are no error in internal logs also.

thanks,

0 Karma
1 Solution

jkat54
SplunkTrust
SplunkTrust

You will have ssl warnings from your browser regardless because most of them warn when a self signed certificate is being used, even if you add the ssl certificate to the certificate store. However, you can usually get the browser to stop popping up the warning if you add the certificate to the trusted root store, or another store your browser uses.

Sometimes it depends on what browser you want to use. Take for example this answer on how to get Chrome to trust your self signed certificate:

http://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificat...

Another common issue (No pun intended) is when you give your self signed certificate a common name of something like "mysplunkhost.mydomain.com" but then you open the web ui using https://localhost:8000. To get around this issue you typically have to add the following to your hosts file (/etc/hosts, or c:\windows\system32\drivers\etc\hosts):

127.0.0.1 localhost, mysplunkhost.mydomain.com, orWhateverCommonNameYouGaveYourSelfSignedCert

After making this change you may need to restart your browser.

View solution in original post

0 Karma

aaraneta_splunk
Splunk Employee
Splunk Employee

@davesplunk01 - Did one of the answers below help provide a solution your question? If yes, please click “Accept” below the best answer to resolve this post and upvote anything that was helpful. If no, please leave a comment with more feedback. Thanks.

0 Karma

starcher
Influencer

We also tend to recommend using a third party cert if you have no easy trust management of your user systems.
https://wiki.splunk.com/Virtual_.conf
April 2016 section for materials on SSL and Splunk.

0 Karma

jkat54
SplunkTrust
SplunkTrust

You will have ssl warnings from your browser regardless because most of them warn when a self signed certificate is being used, even if you add the ssl certificate to the certificate store. However, you can usually get the browser to stop popping up the warning if you add the certificate to the trusted root store, or another store your browser uses.

Sometimes it depends on what browser you want to use. Take for example this answer on how to get Chrome to trust your self signed certificate:

http://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificat...

Another common issue (No pun intended) is when you give your self signed certificate a common name of something like "mysplunkhost.mydomain.com" but then you open the web ui using https://localhost:8000. To get around this issue you typically have to add the following to your hosts file (/etc/hosts, or c:\windows\system32\drivers\etc\hosts):

127.0.0.1 localhost, mysplunkhost.mydomain.com, orWhateverCommonNameYouGaveYourSelfSignedCert

After making this change you may need to restart your browser.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...