@Gregski11 , I've been (painfully) working through some of the 'new SSL' processes myself. Unfortunately the documentation is as helpful as I was hoping and in some cases is actually functionally incorrect. However I have gotten what I believe to be the correct web.conf config done, server.conf is proving to have a few extra gremlins current. What I suspect is happening here is that you're providing the server PEM you got from the CA but what Splunk's looking really wanting here is a 'combined' cert: https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/HowtoprepareyoursignedcertificatesforSplunk. I've had to add a little bit more than what the docs call out, probably because I created the CA cert and the server cert on the Splunk instance but here's my web.conf file looks like: [settings]
enableSplunkWebSSL = true
sslPassword = $7$7mytLzGbDj/xZXYnAuZCXks/FYVEAi7AqKXHOqezXPBM1qwfsHRPM8Fe
privKeyPath = /opt/splunk/etc/auth/mycerts/myServerPrivateKey.key
serverCert = /opt/splunk/etc/auth/mycerts/myServerCert.pem
sslRootCAPath = /opt/splunk/etc/auth/mycerts/myCertAuthCertificate.pem tools.sessions.timeout = 8640 Hope it helps!
... View more