Getting Data In

How to set up my Splunk REST API with self-signed certificates and how to configure for the REST API 8089 port?

timoti
Explorer

Hello, after 2 days of trying hard on this problem, I finally give up and now I am posting it here.

Well, I need to set up my Splunk REST API with my own self-signed certificates. I've already configured the usage of my own self-signed certificates for SplunkWeb, but I'm stuck on the configuration for the REST API 8089 Port.
Here's the problem :
I've already generated my own server certificates thanks to the Splunk docs :

located in /Application/Splunk/etc/auth/myNewCerts

Here's my configuration file server.conf in /Applications/Splunk/etc/system/local

When I run commands to verify the matches between my certs and my keys, they match and when I start Splunk everything looks ok.

But when I check the log file at /Applications/Splunk/var/log/splunk/splunkd.log :

$ tail -f splunkd.log | grep ERR

04-25-2018 16:42:50.272 +0200 ERROR ExecProcessor - message from "python /Applications/Splunk/etc/apps/splunk_instrumentation/bin/on_splunk_start.py" ERROR:InstrumentationInit:[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:676)

04-25-2018 16:42:52.779 +0200 ERROR ExecProcessor - message from "python /Applications/Splunk/etc/apps/splunk_monitoring_console/bin/dmc_config.py" Socket error communicating with splunkd (error=[X509: KEY_VALUES_MISMATCH] key values mismatch (_ssl.c:2768)), path = /services/shcluster/config?output_mode=json


openssl version : OpenSSL 1.0.2o  27 Mar 2018
OS version : macOS Sierra Version 10.12.6 (16G29)
Python version : Python 2.7.14

Sorry for my bad English, waiting for help.

0 Karma
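
The key/certificate match check mentioned in the post above, as an added example that is not part of the original thread. It compares the public key embedded in a certificate with the one derived from a private key, which is the condition the `KEY_VALUES_MISMATCH` error reports on. The function name, file names and CN are constructed for illustration, and `openssl` is assumed to be on the PATH.

```shell
#!/usr/bin/env bash
# Added example: does a private key belong to a certificate?
# Comparing the PEM public keys works for both RSA and EC key pairs.

# pair_matches CERT KEY [PASSIN]
#   returns 0 = key matches cert, 1 = mismatch, 2 = a file could not be parsed
#   PASSIN is an optional openssl passphrase source for an encrypted key,
#   e.g. "file:/path/to/pass" or "env:VARNAME".
pair_matches() {
    local cert_pub key_pub
    # Capture each public key separately so a parse failure is never
    # mistaken for a match (two empty strings would compare equal).
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" ${3:+-passin "$3"} -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

demo() {
    local d key
    d=$(mktemp -d) || return 2
    # Constructed sample material: a throwaway self-signed certificate with
    # its own key, plus a second, unrelated key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=splunkd.example.test" \
        -keyout "$d/server.key" -out "$d/server.pem" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null

    for key in server.key other.key; do
        if pair_matches "$d/server.pem" "$d/$key"; then
            echo "server.pem + $key: match"
        else
            echo "server.pem + $key: MISMATCH (the KEY_VALUES_MISMATCH condition)"
        fi
    done
    rm -rf "$d"
}

demo
```

Run the check against the exact certificate and key files that server.conf references, since a match between other copies of the files says nothing about the ones splunkd loads.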

marcolesh
Path Finder

Hi. Why would you try to add a self-signed cert... when splunkd already has its own self-signed cert....
What are you trying to access in splunkd?

If splunkweb is working, splunkd (RestApi) is already working.

I suggest you see the REST API URI quick reference.

http://docs.splunk.com/Documentation/Splunk/7.1.3/RESTREF/RESTlist

If you want to access it from a browser, you need to access a REST endpoint with a REST method available, and tell the browser to go ahead when prompted with the self-signed cert warning.

Here is an example:

https://localhost:8089/services/authentication/current-context

NOTE the https part, since there is no automatic redirect.

In order to avoid the request for a valid certificate... on every computer, get rid of the self-signed cert and get a trusted SSL certificate. You can create your free trusted cert with Let's Encrypt:
https://www.splunk.com/blog/2016/08/12/secure-splunk-web-in-five-minutes-using-lets-encrypt.html
The link above is a how-to for securing splunkWeb.... I don't know how to add it to splunkd... I would like to know ... that's why I got here...

0 Karma

timoti
Explorer

Up please, I'm still stuck.

0 Karma

timoti
Explorer

Up:
When I set the option "requireClientCert = false" instead of true, I can connect to the 8089 interface (https://localhost:8089) with my own certificate added on my computer. Then when I try to connect to "https://[myip]:8089" from another computer on the same local network, it requests a valid certificate that the computer doesn't have, so it can't connect. But the splunkweb interface is still accessible via "https://[myip]:8000" from any other computer.
I don't know how it works??

0 Karma