It seems the Splunk Web application does not allow for configuration to serve a 3rd party certs for Splunk Web 443, while using another client-side cert connecting to Splunk API 8089. Is my conclusion correct?
I'm referring to the following 2 types of exchanges:
1. Browser (client) to Splunk Web 443/8443 (server) - 3rd party certs with 3rd party root CA - WORKS
2. Splunk Web (client) to Splunkd 8089 (server) - self-signed with own CA root cert - DOES NOT WORK - The 3rd party cert is provided by Splunk Web as the client-side cert, which is not what I want.
My problem is that connection #2 does not authenticate the Splunk Web client because it seems I cannot configure it to use a different certificate for the Splunk Web client-side of the connection to Splunkd.
server.conf:
[sslConfig]
serverCert=/my-own-certs/self-signed-certificate1.pem
requireClientCert=true
web.conf:
[settings]
serverCert=/provided-certs/3rd-party-certificate.pem
What am I missing here?
hey iamjvn,
You can refer the following doc:
https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPr...
https://docs.splunk.com/Documentation/Splunk/7.0.2/Security/Getthird-partycertificatesforSplunkWeb
https://docs.splunk.com/Documentation/Splunk/7.0.2/latest/SecureSplunkWebusingasignedcertificate
Let me know if this helps!!!