My understanding on the knowledge base article located here...
http://www.splunk.com/base/Documentation/latest/Admin/SecureaccesstoyourSplunkserverwithSSL
...is that I can take an existing .pem file I have using my third-party wildcard cert and then do this...
mkdir /opt/splunk/share/splunk/certs
cp /etc/tmp/certs/_.thirdpartywildcard_cert.com /opt/splunk/share/splunk/certs/privkey.pem
cp /etc/pki/tls/cert.pem /opt/splunk/share/splunk/certs/cert.pem
vi /opt/splunk/etc/system/local/web.conf
diff /opt/splunk/etc/system/local/web.conf /opt/splunk/etc/system/local/web.conf.20110701
3,4d2
< privKeyPath = /certs/privkey.pem
< caCertPath = /certs/cert.pem
[root@aaa ~]#
2011-07-05 11:54:42,244 INFO [4e1341d1f6b6453d0] root:243 - Enabling SSL
2011-07-05 11:54:42,244 ERROR [4e1341d1f6b6453d0] root:493 - Unable to start splunkweb
2011-07-05 11:54:42,244 ERROR [4e1341d1f6b6453d0] root:494 - /certs/privkey.pem Not Found
Traceback (most recent call last):
File "/opt/splunk/lib/python2.6/site-packages/splunk/appserver/mrsparkle/root.py", line 489, in
run(blocking=True)
File "/opt/splunk/lib/python2.6/site-packages/splunk/appserver/mrsparkle/root.py", line 258, in run
raise ValueError("%s Not Found" % global_cfg['server.ssl_private_key'])
ValueError: /certs/privkey.pem Not Found
A simple question is where is "/", since I had to create
/opt/splunk/share/splunk/certs
I think the kb article may be incorrect about where to put the pem file.
What I really want to do is put a link to the place where I normally install the .pem
Any done this yet and got it to work?
Also, where does SPLUNK web chroot to?
Hi maverick
just had to setup SSL last friday so I remember that the paths for "privKeyPath" and "caCertPath" are relative to $SPLUNK_HOME/share/splunk. Strange is that you had to create the certs directory, mine was existing in 4.1.8.
btw here is a great wiki about this topic
no info about the chroot, sorry.