We needed to install a vendor signed cert so that we could stream info to Splunk into a HTTP Event Collector.
So I make a csr with openssl, got a vendor cert, copied the private key+public cert+intermediate+root into a server.pem file, and added that and the password into server.conf.
sslPassword = xxxxx
serverCert = /opt/splunk/etc/auth/server.pem
enableSplunkdSSL = true
-ca was already there, I just left it.
sslRootCAPath = /opt/splunk/etc/auth/cacert.pem
Restarted.
The splunk HTTP event collector port was functional and had no errors starting up. We were able to verify that the cert appeared to be installed correctly. openssl s_client -connect localhost:8088 returned the cert no problem. Our streaming service was able to connect and gets a 200 OK back from Splunk.
However, now the web gui is broken. The user/pass prompt screen comes up, but after you login, it gives you a 500 error. Even in --debug mode, none of the logs in var/log/splunk say anything about the 500 error.
What might be the issue here? Does web.conf need to use the same cert I put into server.conf? Does the server.conf cert need to be trusted in a keystore somewhere?
thanks.
... View more