Hi,
I have configured Splunk to use https to open the Splunk URL ( https://xxx.xxx.xx.xx:8000 ), but it is showing an error in Chrome and Internet Explorer. However, If I open the same in Maxthon OR Mozilla, it is not showing any error. It is asking us to add the exception and after adding that, it is working absolutely fine .
Could you please help me to solve this issue with the IE and Chrome?
PFA my web.conf settings under /opt/splunk/etc/system/local
[root@client5 local]# cat web.conf
[settings]
enableSplunkWebSSL = true
privKeyPath = etc/auth/splunkweb/mySplunkWebPrivateKey.key
caCertPath = etc/auth/splunkweb/mySplunkWebCertificate.pem
supportSSLV3Only = False
This link talks how to add the self signed cert to Chrome:
Also, When I checked my splunkd.log , I found the following :
02-29-2016 17:07:27.110 +0530 WARN HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:07:27.111 +0530 WARN HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:07:27.112 +0530 WARN HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:07:27.114 +0530 WARN HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:07:27.115 +0530 WARN HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:07:27.256 +0530 WARN HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:07:32.261 +0530 WARN HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:12:58.409 +0530 WARN HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:12:58.509 +0530 WARN HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:12:59.242 +0530 WARN HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:13:04.285 +0530 WARN HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:19:21.744 +0530 WARN HttpListener - Socket error from xxx.xxx.xx.x while idling: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
02-29-2016 17:21:14.548 +0530 WARN HttpListener - Socket error from xxx.xxx.xx.x while idling: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
03-01-2016 01:15:40.208 +0530 INFO loader - Limiting REST HTTP server to 1365 sockets
03-01-2016 01:28:11.812 +0530 WARN HttpListener - Socket error from xxx.xxx.xx.x while idling: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
03-01-2016 01:28:42.909 +0530 WARN HttpListener - Socket error from xxx.xxx.xx.x while idling: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
03-01-2016 01:28:44.939 +0530 WARN HttpListener - Socket error from xxx.xxx.xx.x while idling: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
Hi,
1.) Have you added your root CA into your certificate .pem file in below order?
Certificate
-----BEGIN CERTIFICATE-----
... (certificate for your server)...
-----END CERTIFICATE-----
Intermediate Certificate(If your certificate signed by intermediate certificate)
-----BEGIN CERTIFICATE-----
... (intermediate certificate)...
-----END CERTIFICATE-----
Root CA
-----BEGIN CERTIFICATE-----
... (Root CA certificate)...
-----END CERTIFICATE-----
2.) Do you have intermediate and root CA installed on your browser??
3.) After configurations of certificate have you restarted splunk web service?
4.) Your Certificate CN is same as your hostname on which splunk is running??
Hi,
I hiave not installed any certificate in any of my browser, I have followed the Splunk deck and did all my configuration. It is opening in MOZILLA but not in Chrome and IE. The order is also correct , I have restartet splunkweb and splunkd both after configuration.
I have observed that it has a week SHA-1 cert, so chrome cannot be used as well as IE.
Could you please help me to get rid of this issue !!
You need to install intermediate and root certificate in your browser.
Why it is working in Mozilla because first time you trusted this certificate so Mozilla is not asking again and again but if you restart your computer and then try again in Mozilla it will ask you to trust this certificate.
Hi,
The question is not about asking for certificate, Even that option I am not getting in IE and Chrome what I am getting atleast in Mozilla.
The self signed certificate has a week SHA-1 cert. Could you please let me know how to make it a stronger than SHA-1
I have created the certificate using SHA-256 algo but still it is opening in Mozilla but not in IE. Please help me with some work around !!