the test results are in...
TL;DR; version
- From my messing around - trying to make apps in chrome doesn't work as expected with SSL on the webui
- Does not happen in FireFox
Long Version
The test setup is as follows
Server:
- New VM running updated, latest, CentOS 8
- Splunk 8.0.4
Certs Used:
- Splunk defaults. The self signed certs created when Splunk starts
- Certs created by testing ca (using XCA):
mywebui.pem cert file contains server, intermediate, and root ca certs as a chain, in that order
mywebui.key key file containing unencrypted private key for mywebui.pem
mysplunkd.pem cert file contains serve, encrypted private key, int ca, root ca, in that order
myrootca.pem cert file contains only the root ca cert (not the int ca)
- all certs installed in $SPLUNK_HOME/etc/auth and only adding/changing config in $SPLUNK_HOME/etc/system/local for simplicity
Client:
- Win10
- Chrome 83.0.4103.61
- Firefox 77.0.
- Only the internal root CA has been installed into Windows and Firefox.
- Browsers were restarted before and after every test, and private windows/incognito mode were used to keep cookies and cache getting in the way.
Test Method
Create a new app using webui, using the sample_app template.
Use Splunk search index=_internal sourcetype=splunk_web_service log_level=error to look for errors
Test, no SSL
No problems for both browsers, no errors in Splunk from above search.
Test with Splunk default cert
created web.conf
[settings]
enableSplunkWebSSL = true
Chrome: When click "Save" on add new app, page hangs with button on 'Saving...'. Refresh shows that app is created.
Error in Splunk:
2020-06-03 19:33:48,842 ERROR [5ed76e7cd37fe63d913b90] utility:58 - name=javascript, class=Splunk.Error, lineNumber=26103, message=Uncaught TypeError: Cannot read property 'status' of null, fileName=https://< >:8000/en-GB/static/@1CA1401A03689AC76EC0FD8820202120C1384DA1951537830BBAC1E85DE4DC2B/js/common.min.js`
FireFox: No problems, or errors.
Test with own certs
updated web.conf
[settings]
enableSplunkWebSSL = true
privKeyPath = $SPLUNK_HOME/etc/auth/mywebui.key
serverCert = $SPLUNK_HOME/etc/auth/mywebui.pem
updated server.conf
[sslConfig]
caCertFile = $SPLUNK_HOME/etc/auth/myrootca.pem
serverCert = $SPLUNK_HOME/etc/auth/mysplunkd.pem
sslPassword = it-is-not-a-problem-the-password-is-correct
Chrome: Trusted in browser, same behavior as default ssl test, page hangs, app created in background
Error in Splunk:
2020-06-03 20:01:29,059 ERROR [5ed774f90a7fa16bf98d10] utility:58 - name=javascript, class=Splunk.Error, lineNumber=26103, message=Uncaught TypeError: Cannot read property 'status' of null, fileName=https://< >:8000/en-GB/static/@1CA1401A03689AC76EC0FD8820202120C1384DA1951537830BBAC1E85DE4DC2B/js/common.min.js
FireFox: Trusted in browser, no problems, or errors.
conclusion
throw out chrome? use firefox? :shurg:
Hope all this helps.
... View more