Custom Certificate for Port 8089

tmontney
Builder

I've just reconfigured Splunk to use our own certificate for the web management, and it worked great. However, I also need that same cert for 8089. It seems like a different process. From the server.conf example...

[sslConfig]
enableSplunkdSSL = true
useClientSSLCompression = true
serverCert = $SPLUNK_HOME/etc/auth/server.pem
sslPassword = password
sslRootCAPath = $SPLUNK_HOME/etc/auth/cacert.pem
certCreateScript = genMyServerCert.sh

First off, web.conf asked for private key and server cert. Why in this case are the parameters different? Why can't I point to a privatekey file? And is certCreateScript mandatory? It seems like it's for auto generating certificates, but I'm providing my own.

0 Karma

jkat54
SplunkTrust

You shouldn't use the same web cert for splunkd communications.

The web cert is not encrypted with a key, whereas the splunkd cert should be.

If you encrypt the web cert with a key, then the browser will have to present the key to Splunk Web in order to open Splunk Web (it's not a very common configuration, although there are some institutions/regulations that may require the web cert to be encrypted - it doesn't sound like this is one of them because you say "I don't have an sslPassword").

0 Karma

starcher
SplunkTrust

A good place to start is to review the April 2016 recording and PDF.
https://wiki.splunk.com/Virtual_.conf

jkat54
SplunkTrust

April 2016
When: April 28th
Who: George Starcher and Duane Waddle, Defense Point Security
What: Avoid the SSLippery SSLope of Default SSL
Recording: https://splunk.webex.com/splunk/lsr.php?RCID=da90ccae281af46da9e4a3b46c076a0b
Slides: Media:SplunkTrustApril-SSLipperySlopeRevisited.pdf

tmontney
Builder

This webex refers to a lot of deprecated properties. If you compare their sample vs 7.0.0, it's not even close.

0 Karma

jkat54
SplunkTrust

It's true things have been deprecated, but they're easy to map from the presentation to the new field names. The .spec files even show the correct setting:

 sslKeysfilePassword = <password>
 * DEPRECATED; use 'sslPassword' instead.

In the end it's the same concept for generating certs and securing the environment.

0 Karma

tmontney
Builder

Yes, but I don't have an sslPassword. Do I just leave it empty?

jkat54
SplunkTrust

Splunk Web certs don’t have passwords but backend connections do. So you’ll need to key encrypt the web Cert to use it on the backend...

openssl rsa -aes256 -in /path/to/your/web/key -out cert.key
cat /path/to/your/web/cert cert.key > cert.pem

0 Karma
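
A lint check for the question discussed in this thread, added here as an example and not code posted by any participant or by Splunk. It assumes splunkd's serverCert is a single PEM file holding the server certificate first, then its private key, then any CA certificates, and it flags a missing key or a key whose encryption does not match sslPassword. The function names and the placeholder PEM bodies are constructed for illustration.

```python
import configparser
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_layout(pem_text):
    """Return [(label, encrypted)] for each PEM block, in file order."""
    layout = []
    for label, body in PEM_BLOCK.findall(pem_text):
        # PKCS#8 flags encryption in the label, traditional keys in a header.
        encrypted = label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body
        layout.append((label, encrypted))
    return layout

def check_splunkd_cert(server_conf_text, pem_text):
    """List mismatches between [sslConfig] and the file serverCert points to."""
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(server_conf_text)
    password = conf.get("sslConfig", "sslPassword", fallback="").strip()
    layout = pem_layout(pem_text)
    findings = []
    if not layout or layout[0][0] != "CERTIFICATE":
        findings.append("server certificate is not the first PEM block")
    keys = [enc for label, enc in layout if label.endswith("PRIVATE KEY")]
    if not keys:
        findings.append("no private key in serverCert file")
    elif keys[0] and not password:
        findings.append("private key is encrypted but sslPassword is empty")
    elif not keys[0]:
        findings.append("private key is not passphrase-protected")
    return findings

def sample_block(label, header=""):
    # Constructed placeholder body; not real key or certificate material.
    return f"-----BEGIN {label}-----\n{header}Q09OU1RSVUNURUQ=\n-----END {label}-----\n"

ENC_HEADER = "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n"
WEB_STYLE_PEM = sample_block("CERTIFICATE")  # certificate only, key kept elsewhere
PLAIN_KEY_PEM = sample_block("CERTIFICATE") + sample_block("RSA PRIVATE KEY")
ENCRYPTED_PEM = (sample_block("CERTIFICATE")
                 + sample_block("RSA PRIVATE KEY", ENC_HEADER)
                 + sample_block("CERTIFICATE"))  # trailing CA certificate
CONF_WITH_PW = "[sslConfig]\nserverCert = $SPLUNK_HOME/etc/auth/server.pem\nsslPassword = password\n"
CONF_NO_PW = "[sslConfig]\nserverCert = $SPLUNK_HOME/etc/auth/server.pem\n"

if __name__ == "__main__":
    for name, conf, pem in [("web-style", CONF_WITH_PW, WEB_STYLE_PEM),
                            ("plain key", CONF_NO_PW, PLAIN_KEY_PEM),
                            ("encrypted, no password", CONF_NO_PW, ENCRYPTED_PEM),
                            ("encrypted + password", CONF_WITH_PW, ENCRYPTED_PEM)]:
        print(name, "->", check_splunkd_cert(conf, pem) or "ok")
```

The check reads only the PEM labels and headers, so it never needs the passphrase and does not confirm that the key actually belongs to the certificate.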