Security

Why is SSL not working when I try to access Splunk Web in Chrome or Internet Explorer?

abhayneilam
Contributor

Hi,

I have configured Splunk to use https to open the Splunk URL ( https://xxx.xxx.xx.xx:8000 ), but it is showing an error in Chrome and Internet Explorer. However, If I open the same in Maxthon OR Mozilla, it is not showing any error. It is asking us to add the exception and after adding that, it is working absolutely fine .

Could you please help me to solve this issue with the IE and Chrome?
PFA my web.conf settings under /opt/splunk/etc/system/local

[root@client5 local]# cat web.conf
[settings]
enableSplunkWebSSL = true
privKeyPath = etc/auth/splunkweb/mySplunkWebPrivateKey.key
caCertPath = etc/auth/splunkweb/mySplunkWebCertificate.pem
supportSSLV3Only = False
0 Karma

dgrubb_splunk
Splunk Employee
Splunk Employee
0 Karma

abhayneilam
Contributor

Also, When I checked my splunkd.log , I found the following :

02-29-2016 17:07:27.110 +0530 WARN  HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:07:27.111 +0530 WARN  HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:07:27.112 +0530 WARN  HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:07:27.114 +0530 WARN  HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:07:27.115 +0530 WARN  HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:07:27.256 +0530 WARN  HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:07:32.261 +0530 WARN  HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:12:58.409 +0530 WARN  HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:12:58.509 +0530 WARN  HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:12:59.242 +0530 WARN  HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:13:04.285 +0530 WARN  HttpListener - Socket error from xxx.xxx.xx.x while idling: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
02-29-2016 17:19:21.744 +0530 WARN  HttpListener - Socket error from xxx.xxx.xx.x while idling: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
02-29-2016 17:21:14.548 +0530 WARN  HttpListener - Socket error from xxx.xxx.xx.x while idling: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
03-01-2016 01:15:40.208 +0530 INFO  loader - Limiting REST HTTP server to 1365 sockets
03-01-2016 01:28:11.812 +0530 WARN  HttpListener - Socket error from xxx.xxx.xx.x while idling: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
03-01-2016 01:28:42.909 +0530 WARN  HttpListener - Socket error from xxx.xxx.xx.x while idling: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
03-01-2016 01:28:44.939 +0530 WARN  HttpListener - Socket error from xxx.xxx.xx.x while idling: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Hi,

1.) Have you added your root CA into your certificate .pem file in below order?
Certificate
-----BEGIN CERTIFICATE-----
... (certificate for your server)...
-----END CERTIFICATE-----
Intermediate Certificate(If your certificate signed by intermediate certificate)
-----BEGIN CERTIFICATE-----
... (intermediate certificate)...
-----END CERTIFICATE-----
Root CA
-----BEGIN CERTIFICATE-----
... (Root CA certificate)...
-----END CERTIFICATE-----

2.) Do you have intermediate and root CA installed on your browser??

3.) After configurations of certificate have you restarted splunk web service?

4.) Your Certificate CN is same as your hostname on which splunk is running??

0 Karma

abhayneilam
Contributor

Hi,

I hiave not installed any certificate in any of my browser, I have followed the Splunk deck and did all my configuration. It is opening in MOZILLA but not in Chrome and IE. The order is also correct , I have restartet splunkweb and splunkd both after configuration.

I have observed that it has a week SHA-1 cert, so chrome cannot be used as well as IE.

Could you please help me to get rid of this issue !!

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

You need to install intermediate and root certificate in your browser.

Why it is working in Mozilla because first time you trusted this certificate so Mozilla is not asking again and again but if you restart your computer and then try again in Mozilla it will ask you to trust this certificate.

0 Karma

abhayneilam
Contributor

Hi,

The question is not about asking for certificate, Even that option I am not getting in IE and Chrome what I am getting atleast in Mozilla.

The self signed certificate has a week SHA-1 cert. Could you please let me know how to make it a stronger than SHA-1

0 Karma

abhayneilam
Contributor

I have created the certificate using SHA-256 algo but still it is opening in Mozilla but not in IE. Please help me with some work around !!

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...