Security

Custom Certificate for Port 8089

tmontney
Builder

I've just reconfigured Splunk to use our own certificate for the web management, and it worked great. However, I also need that same cert for 8089. It seems like a different process. From the server.conf example...

[sslConfig]
enableSplunkdSSL = true
useClientSSLCompression = true
serverCert = $SPLUNK_HOME/etc/auth/server.pem
sslPassword = password
sslRootCAPath = $SPLUNK_HOME/etc/auth/cacert.pem
certCreateScript = genMyServerCert.sh

First off, web.conf asked for private key and server cert. Why in this case are the parameters different? Why can't I point to a privatekey file? And is certCreateScript mandatory? It seems like it's for auto generating certificates, but I'm providing my own.

0 Karma

jkat54
SplunkTrust

You shouldn't use the same web cert for splunkd communications.

The web cert is not encrypted with a key, whereas the splunkd cert should be.

If you encrypt the web cert with a key, then the browser will have to present the key to splunk web in order to open splunk web (it's not a very common configuration, although there are some institutions/regulations that may require the web cert to be encrypted - it doesn't sound like this is one of them because you say "I don't have an sslPassword")

0 Karma

starcher
Influencer

A good place to start is to review the April 2016 recording and PDF.
https://wiki.splunk.com/Virtual_.conf

jkat54
SplunkTrust

April 2016
When: April 28th
Who: George Starcher and Duane Waddle, Defense Point Security
What: Avoid the SSLippery SSLope of Default SSL
Recording: https://splunk.webex.com/splunk/lsr.php?RCID=da90ccae281af46da9e4a3b46c076a0b
Slides: Media:SplunkTrustApril-SSLipperySlopeRevisited.pdf

tmontney
Builder

This webex refers to a lot of deprecated properties. If you compare their sample vs 7.0.0, it's not even close.

0 Karma

jkat54
SplunkTrust

It's true things have been deprecated but they're easy to map from the presentation to the new field names. The .spec files even show the correct setting:

 sslKeysfilePassword = <password>
 * DEPRECATED; use 'sslPassword' instead.

In the end it's the same concept for generating certs and securing the environment.

0 Karma

tmontney
Builder

Yes, but I don't have an sslPassword. Do I just leave it empty?

jkat54
SplunkTrust

Splunk Web certs don’t have passwords but backend connections do. So you’ll need to key encrypt the web Cert to use it on the backend...

openssl x509 -in /path/to/your/web/cert -out cert.pem -keyout cert.key

0 Karma
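An added example, not part of any post in this thread and not Splunk's own tooling: one way to prepare a certificate for the `serverCert` setting discussed above. It assumes splunkd reads the server certificate, a passphrase-protected private key and the CA certificate from that single PEM file, with `sslPassword` holding the key's passphrase. The function names, file names and the throwaway test CA are constructed for illustration.

```shell
#!/bin/sh
# Added example. All key material below is constructed, throwaway test data.

# make_test_material DIR: constructed test CA plus an unencrypted server
# key and certificate, standing in for an existing Splunk Web cert/key pair.
make_test_material() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$d/ca.key" -out "$d/cacert.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=splunk.example.test" \
        -keyout "$d/web.key" -out "$d/web.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/web.csr" -CA "$d/cacert.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/web.crt" 2>/dev/null
}

# build_splunkd_pem CERT KEY CA PASSFILE OUT
# Encrypts KEY with the passphrase on the first line of PASSFILE (kept off the
# command line), then writes server cert + encrypted key + CA cert to OUT.
build_splunkd_pem() {
    cert=$1 key=$2 ca=$3 passfile=$4 out=$5
    enc=$(mktemp) || return 1
    if openssl rsa -aes256 -in "$key" -passout "file:$passfile" -out "$enc" 2>/dev/null
    then (umask 077; cat "$cert" "$enc" "$ca" > "$out"); rc=$?
    else rc=1
    fi
    rm -f "$enc"
    return "$rc"
}

# check_splunkd_pem PEM PASSFILE
# Succeeds only if the private key inside PEM decrypts with the passphrase and
# its public half matches the first certificate in PEM.
check_splunkd_pem() {
    pem=$1 passfile=$2
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$pem" -passin "file:$passfile" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}
```

Under the stated assumption, `serverCert` would point at the file written by `build_splunkd_pem`, `sslPassword` would carry the same passphrase, and `sslRootCAPath` would point at the CA certificate.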