Hi Splunkers,
I used below link for the generating the key, CSR and finally configuring the certificate in Search head.
https://docs.splunk.com/Documentation/Splunk/7.2.7/Security/Getthird-partycertificatesforSplunkWeb
https://docs.splunk.com/Documentation/Splunk/7.2.7/Security/SecureSplunkWebusingasignedcertificate
While i submitted the csr to the signing authority, i get the server certificate and CA Certificate, i converted both of them in .pem and gave the path in web.conf on search head.
But when in start splunk services, now the web services are not getting started.
On checking ServerCertificate i found SAN (Subject Alternate Name) was missing in Server Certificate. i'm suspecting while generating the CSR, might be the DNS entries did not get mention in csr.
If yes, how shall i proceed?
Does the modulus of the key, match the cert, match the CSR?
openssl x509 some.pem -noout -modulus | openssl md5
openssl rsa some.key -noout -modulus | openssl md5
openssl req some.csr -noout -modulus | openssl md5
If not, something went wrong with your process.
Does the modulus of the key, match the cert, match the CSR?
openssl x509 some.pem -noout -modulus | openssl md5
openssl rsa some.key -noout -modulus | openssl md5
openssl req some.csr -noout -modulus | openssl md5
If not, something went wrong with your process.
Hey @jkat54
The modulus of the 3 is same.
I just want to know, when we get the server certificate from the third party, then SAN should be mentioned in the field or not?
Can you try this method and let us know if it works?
Thanks @jkat54
You're welcome @sarvesh_11
Please share your web.conf settings.
Hi @jkat54
[settings]
enableSplunkWebSSL = true
privKeyPath = /opt/splunk/etc/auth/mycerts/myServerPrivateKey.key
serverCert = /opt/splunk/etc/auth/mycerts/myservercert.pem